OASIS Key Management Interoperability Protocol (KMIP) TC

usage guide text for splitkey and pkcs11

    Posted 07-14-2022 05:03
    Draft text for inclusion in 3.9 Split Key in the Usage Guide

    For PolynomialSharingGF2_8 based splits, the specific polynomial being used varies between implementations. The OASIS Security Algorithms and Methods (SAM) TC has defined two algorithms in the SAM Threshold Sharing Schemes Version 1.0 at http://docs.oasis-open.org/sam/sam-tss/v1.0/sam-tss-v1.0.html which are referred to in KMIP as Polynomial-283 (Polynomial 1 within SAM) and Polynomial-285 (Polynomial 2 within SAM).

    Implementations SHOULD explicitly specify the SplitKeyPolynomial in KMIP operations in order to achieve interoperability as different KMIP implementations have historically defaulted to different polynomials.

    The Split Key Algorithms section of the specification for PolynomialSharingGF2_8 has been replaced with a reference to the SAM TSS 1.0.

    3.46 PKCS#11

    KMIP v2.0 added support for serialisation of PKCS#11 API calls over a KMIP network transport. This enables cross-vendor interoperable PKCS#11 consumer implementations and PKCS#11 aware security gateways to operate without requiring knowledge of vendor-proprietary protocols.

    KMIP v3.0 adds support for expressing the serialisation format in XML rather than binary for the purpose of test case development. The underlying protocol remains the defined binary encoding in the "PKCS#11 Profiles" but for ease of test case development, the XML representation defined by the PKCS#11 Technical Committee can be used for test cases. The PKCS#11 Profiles have been updated to show both the binary serialisation and also the XML representation.