README
ΒΆ
kmip-go
A comprehensive Go implementation of the Key Management Interoperability Protocol (KMIP), supporting KMIP versions 1.0 through 1.4. This library provides both client and server implementations with full support for cryptographic operations, key lifecycle management, and secure communication. See KMIP v1.4 protocol specification.
π Features
- Full KMIP Protocol Support: Implements KMIP v1.0 to v1.4 specifications
- Complete Client Library: High-level fluent API with comprehensive operation support
- Server Implementation: Production-ready KMIP server components
- Multiple Encoding Formats: Binary TTLV, XML, JSON, and human-readable text formats
- Extensible: Easily declare user defined KMIP types and extensions
- Comprehensive Cryptographic Operations: Key generation, encryption, decryption, signing, verification
- Flexible Authentication: Mutual TLS, username/password, device, and attestation-based authentication
- TLS Security: Built-in TLS support with client certificate authentication
- Batch Operations: Support for batching multiple operations in a single request
- Middleware System: Extensible middleware for logging, debugging, and custom functionality
- Go standard crypto compatible: Implements crypto.Signer interface and support cryptographic key types from the standard library
- Production Ready: Developed and tested against OVHcloud KMS
π Table of Contents
- Installation
- Quick Start
- Client API
- Server API
- Advanced Features
- Authentication
- Examples
- Implementation Status
- Contributing
- Troubleshooting
- Development
- License
- Support
- Acknowledgments
π¦ Installation
go get github.com/ovh/kmip-go@latest
π Quick Start
package main
import (
"fmt"
"log"
"github.com/ovh/kmip-go"
"github.com/ovh/kmip-go/kmipclient"
)
func main() {
// Connect to KMIP server
client, err := kmipclient.Dial(
"your-kmip-server:5696",
kmipclient.WithClientCertFiles("cert.pem", "key.pem"),
)
if err != nil {
log.Fatal(err)
}
defer client.Close()
// Create an AES key
resp := client.Create().
AES(256, kmip.CryptographicUsageEncrypt|kmip.CryptographicUsageDecrypt).
WithName("my-encryption-key").
MustExec()
fmt.Printf("Created AES key: %s\n", resp.UniqueIdentifier)
// Activate the key
client.Activate(resp.UniqueIdentifier).MustExec()
// Encrypt some data
plaintext := []byte("Hello, KMIP!")
encrypted := client.Encrypt(resp.UniqueIdentifier).
WithCryptographicParameters(kmip.AES_GCM).
Data(plaintext).
MustExec()
fmt.Printf("Encrypted data length: %d bytes\n", len(encrypted.Data))
}
π§ Client API
Connection and Configuration
import (
"os"
"time"
"github.com/google/uuid"
"github.com/ovh/kmip-go"
"github.com/ovh/kmip-go/kmipclient"
"github.com/ovh/kmip-go/ttlv"
)
// Connect with comprehensive options
client, err := kmipclient.Dial(
"eu-west-rbx.okms.ovh.net:5696",
// TLS Configuration
kmipclient.WithRootCAFile("ca.pem"), // Custom CA certificate
kmipclient.WithClientCertFiles("cert.pem", "key.pem"), // Client certificates
kmipclient.WithClientCertPEM(certPEM, keyPEM), // Client certs from PEM data
kmipclient.WithServerName("kmip.example.com"), // Server name for TLS
kmipclient.WithTlsConfig(tlsConfig), // Custom TLS config
// Protocol Version Configuration
kmipclient.WithKmipVersions(kmip.V1_4, kmip.V1_3), // Supported versions
kmipclient.EnforceVersion(kmip.V1_4), // Enforce specific version
// Middleware
kmipclient.WithMiddlewares(
kmipclient.CorrelationValueMiddleware(uuid.NewString),
kmipclient.DebugMiddleware(os.Stdout, ttlv.MarshalXML),
kmipclient.TimeoutMiddleware(30*time.Second),
),
)
Key Creation and Management
Symmetric Keys
// AES Keys
aes128 := client.Create().AES(128, kmip.CryptographicUsageEncrypt|kmip.CryptographicUsageDecrypt)
aes256 := client.Create().AES(256, kmip.CryptographicUsageEncrypt|kmip.CryptographicUsageDecrypt)
// Other symmetric algorithms
tdes := client.Create().TDES(192, kmip.CryptographicUsageEncrypt)
skipjack := client.Create().Skipjack(kmip.CryptographicUsageEncrypt) // 80-bit key
// With attributes
key := client.Create().
AES(256, kmip.CryptographicUsageEncrypt|kmip.CryptographicUsageDecrypt).
WithName("my-encryption-key").
WithAttribute(kmip.AttributeNameDescription, "Production encryption key").
WithUsageLimit(1000000, kmip.UsageLimitsUnitByte).
MustExec()
Asymmetric Key Pairs
// RSA Key Pairs
rsaKeyPair := client.CreateKeyPair().
RSA(2048, kmip.CryptographicUsageSign, kmip.CryptographicUsageVerify).
WithName("my-rsa-keypair").
MustExec()
// ECDSA Key Pairs
ecdsaKeyPair := client.CreateKeyPair().
ECDSA(kmip.RecommendedCurveP_256, kmip.CryptographicUsageSign, kmip.CryptographicUsageVerify).
WithName("my-ecdsa-keypair").
MustExec()
// Access individual keys
fmt.Printf("Private Key ID: %s\n", ecdsaKeyPair.PrivateKeyUniqueIdentifier)
fmt.Printf("Public Key ID: %s\n", ecdsaKeyPair.PublicKeyUniqueIdentifier
Object Registration
// Register existing cryptographic material
registered := client.Register().
Object(existingKeyObject).
WithName("imported-object").
MustExec()
// Register with specific attributes
cert := client.Register().
Certificate(kmip.CertificateTypeX_509, x509Cert).
WithName("server-certificate").
WithAttribute(kmip.AttributeNameCertificateType, kmip.CertificateTypeX_509).
MustExec()
Cryptographic Operations
Encryption and Decryption
// Basic encryption
plaintext := []byte("sensitive data")
encrypted := client.Encrypt(keyID).
WithCryptographicParameters(kmip.CryptographicParameters{ /* parameters */ }).
Data(plaintext).
MustExec()
// Encryption with specific parameters
encrypted := client.Encrypt(keyID).
WithCryptographicParameters(kmip.AES_GCM).
WithIvCounterNonce(iv).
WithAAD(additionalData).
Data(plaintext).
MustExec()
// Decryption
decrypted := client.Decrypt(keyID).
WithCryptographicParameters(kmip.AES_GCM).
WithIvCounterNonce(encrypted.IVCounterNonce).
WithAAD(additionalData).
WithAuthTag(encrypted.AuthenticatedEncryptionTag).
Data(encrypted.Data).
MustExec()
fmt.Printf("Decrypted: %s\n", decrypted.Data)
Digital Signatures
// Sign data
data := []byte("document to sign")
signature := client.Sign(privateKeyID).
WithCryptographicParameters(kmip.CryptographicParameters{ /* parameters */ }).
Data(data).
MustExec()
// Sign pre-hashed data
hashedData := sha256.Sum256(data)
signature = client.Sign(privateKeyID).
WithCryptographicParameters(kmip.CryptographicParameters{ /* parameters */ }).
DigestedData(hashedData[:]).
MustExec()
// Verify signature
verified := client.SignatureVerify(publicKeyID).
WithCryptographicParameters(kmip.CryptographicParameters{ /* parameters */ }).
Data(data).
Signature(signature.SignatureData).
MustExec()
fmt.Printf("Signature valid: %t\n", verified.ValidityIndicator == kmip.ValidityIndicatorValid)
Go crypto.Signer Interface
// Get a crypto.Signer for use with standard Go crypto packages
signer, err := client.Signer(ctx, privateKeyID, publicKeyID)
if err != nil {
log.Fatal(err)
}
// Use with crypto packages
hash := sha256.Sum256(data)
signature, err := signer.Sign(rand.Reader, hash[:], crypto.SHA256)
if err != nil {
log.Fatal(err)
}
// Use with x509 certificate signing
template := &x509.Certificate{/*...*/}
certDER, err := x509.CreateCertificate(rand.Reader, template, caCert, signer.Public(), signer)
Key Lifecycle Management
Key States and Activation
// Activate a key
client.Activate(keyID).MustExec()
// Check key state
attrs := client.GetAttributes(keyID, kmip.AttributeNameState).MustExec()
for _, attr := range attrs.Attribute {
if attr.AttributeName == kmip.AttributeNameState {
fmt.Printf("Key state: %v\n", attr.AttributeValue)
}
}
// Revoke a key
client.Revoke(keyID).
WithRevocationReasonCode(kmip.RevocationReasonCodeKeyCompromise).
WithRevocationMessage("Security incident detected").
MustExec()
// Archive and recover
client.Archive(keyID).MustExec()
client.Recover(keyID).MustExec()
// Destroy key (irreversible)
client.Destroy(keyID).MustExec()
Attribute Management
// Get all attributes
allAttrs := client.GetAttributes(keyID).MustExec()
// Get specific attributes
specificAttrs := client.GetAttributes(keyID,
kmip.AttributeNameState,
kmip.AttributeNameCryptographicUsageMask,
kmip.AttributeNameCryptographicLength,
).MustExec()
// Get attribute list (names only)
attrList := client.GetAttributeList(keyID).MustExec()
// Add attributes
client.AddAttribute(keyID, kmip.AttributeNameDescription, "Updated description").MustExec()
// Modify attributes
client.ModifyAttribute(keyID, kmip.AttributeNameName, kmip.Name{
NameType: kmip.NameTypeUninterpretedTextString,
NameValue: "updated-key-name",
}).MustExec()
// Delete attributes
client.DeleteAttribute(keyID, kmip.AttributeNameDescription).MustExec()
Key Discovery
// Find keys by name
keys := client.Locate().
WithName("production-key").
MustExec()
// Complex search criteria
keys = client.Locate().
WithObjectType(kmip.ObjectTypeSymmetricKey).
WithAttribute(kmip.AttributeNameCryptographicAlgorithm, kmip.CryptographicAlgorithmAES).
WithAttribute(kmip.AttributeNameCryptographicLength, int32(256)).
WithUsageLimit(1000000, kmip.UsageLimitsUnitByte).
MustExec()
for _, keyID := range keys.UniqueIdentifier {
fmt.Printf("Found key: %s\n", keyID)
}
Batch Operations
// Hight-Level batch builder
result := client.Create().
AES(256, kmip.CryptographicUsageEncrypt|kmip.CryptographicUsageDecrypt).
WithName("batch-key").
Then(func(client *kmipclient.Client) kmipclient.PayloadBuilder {
// Use ID returned from previous operation
return client.Activate("")
}).
Then(func(client *kmipclient.Client) kmipclient.PayloadBuilder {
// Use ID returned from previous operation
return client.GetAttributes("", kmip.AttributeNameState)
}).
MustExec()
// Manual batch creation
createReq1 := &payloads.CreateRequestPayload{ /* ... */ }
createReq2 := &payloads.ActivateRequestPayload{ /* ... */ }
activateReq := &payloads.GetAttributesRequestPayload{ /* ... */ }
result, err = client.Batch(ctx, createReq1, createReq2, activateReq)
if err != nil {
log.Fatal(err)
}
// Process batch results
for i, resp := range result {
if err := resp.Err(); err != nil {
fmt.Printf("Operation %d failed: %s - %s\n", i+1, resp.ResultStatus, resp.ResultReason)
continue
}
switch payload := resp.ResponsePayload.(type) {
case *payloads.CreateResponsePayload:
fmt.Printf("Created key %d: %s\n", i+1, payload.UniqueIdentifier)
case *payloads.ActivateResponsePayload:
fmt.Printf("Activated key: %s\n", payload.UniqueIdentifier)
}
}
Low-Level Operations
// Direct payload construction for maximum control
request := payloads.CreateRequestPayload{
ObjectType: kmip.ObjectTypeSymmetricKey,
TemplateAttribute: kmip.TemplateAttribute{
Attribute: []kmip.Attribute{
{
AttributeName: kmip.AttributeNameCryptographicAlgorithm,
AttributeValue: kmip.CryptographicAlgorithmAES,
},
{
AttributeName: kmip.AttributeNameCryptographicLength,
AttributeValue: int32(256),
},
{
AttributeName: kmip.AttributeNameCryptographicUsageMask,
AttributeValue: kmip.CryptographicUsageEncrypt | kmip.CryptographicUsageDecrypt,
},
},
},
}
// Send request
response, err := client.Request(ctx, &request)
if err != nil {
log.Fatal(err)
}
keyID := response.(*payloads.CreateResponsePayload).UniqueIdentifier
π₯οΈ Server API
package main
import (
"context"
"crypto/tls"
"log"
"net"
"github.com/ovh/kmip-go"
"github.com/ovh/kmip-go/kmipserver"
)
// Implement the RequestHandler interface
type MyKMIPHandler struct {
// Your key management backend
}
func (h *MyKMIPHandler) HandleRequest(ctx context.Context, req *kmip.RequestMessage) *kmip.ResponseMessage {
// Process KMIP request and return response
// Implement your key management logic here
return &kmip.ResponseMessage{
Header: kmip.ResponseHeader{
ProtocolVersion: req.Header.ProtocolVersion,
BatchCount: req.Header.BatchCount,
},
BatchItem: []kmip.ResponseBatchItem{
// Process each batch item
},
}
}
func main() {
// Setup TLS
cert, err := tls.LoadX509KeyPair("server.crt", "server.key")
if err != nil {
log.Fatal(err)
}
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert},
ClientAuth: tls.RequireAndVerifyClientCert,
}
// Create listener
listener, err := tls.Listen("tcp", ":5696", tlsConfig)
if err != nil {
log.Fatal(err)
}
// Create and start server
handler := &MyKMIPHandler{}
server := kmipserver.NewServer(listener, handler)
log.Println("Starting KMIP server on :5696")
if err := server.Serve(); err != nil {
log.Fatal(err)
}
}
π Advanced Features
Custom Middleware
// Rate limiting middleware
func RateLimitMiddleware(limiter *rate.Limiter) kmipclient.Middleware {
return func(next kmipclient.Next, ctx context.Context, req *kmip.RequestMessage) (*kmip.ResponseMessage, error) {
// Wait for rate limit
if err := limiter.Wait(ctx); err != nil {
return nil, fmt.Errorf("rate limit exceeded: %w", err)
}
return next(ctx, req)
}
}
// Retry middleware
func RetryMiddleware(maxRetries int) kmipclient.Middleware {
return func(next kmipclient.Next, ctx context.Context, req *kmip.RequestMessage) (*kmip.ResponseMessage, error) {
var lastErr error
for i := 0; i <= maxRetries; i++ {
resp, err := next(ctx, req)
if err == nil {
return resp, nil
}
lastErr = err
// Exponential backoff
if i < maxRetries {
backoff := time.Duration(1<<uint(i)) * time.Second
select {
case <-time.After(backoff):
case <-ctx.Done():
return nil, ctx.Err()
}
}
}
return nil, fmt.Errorf("request failed after %d retries: %w", maxRetries, lastErr)
}
}
// Use middleware
client, err := kmipclient.Dial(
"server:5696",
kmipclient.WithMiddlewares(
RateLimitMiddleware(rate.NewLimiter(10, 1)),
RetryMiddleware(3),
),
)
Error Handling Patterns
// Comprehensive error handling
resp, err := client.Create().AES(256, kmip.CryptographicUsageEncrypt).Exec()
if err != nil {
// Network or connection errors
var netErr net.Error
if errors.As(err, &netErr) {
log.Printf("Network error: %v (timeout: %t, temp: %t)",
netErr, netErr.Timeout(), netErr.Temporary())
return
}
// TLS errors
var tlsErr tls.RecordHeaderError
if errors.As(err, &tlsErr) {
log.Printf("TLS error: %v", tlsErr)
return
}
// KMIP protocol errors
log.Printf("KMIP operation failed: %v", err)
return
}
// Batch operation error handling
results, err := client.Batch(ctx, req1, req2, req3)
if err != nil {
log.Printf("Batch request failed: %v", err)
return
}
// Check individual results
for i, result := range results {
if err := result.Err(); err != nil {
log.Printf("Operation %d failed: %v", i, err)
continue
}
// Process successful result
switch payload := result.ResponsePayload.(type) {
case *payloads.CreateResponsePayload:
log.Printf("Created key: %s", payload.UniqueIdentifier)
case *payloads.GetResponsePayload:
log.Printf("Retrieved object type: %s", payload.ObjectType)
}
}
// Or check all the batch item responses for error at once
responses, err := results.Unwrap()
if err != nil {
log.Printf("Batch response has some errors: %v", err)
return
}
Working with TTLV Encoding
// Marshal to different formats
request := &payloads.CreateRequestPayload{...}
// Binary TTLV (native KMIP format)
binaryData := ttlv.MarshalTTLV(request)
// XML format (human-readable)
xmlData := ttlv.MarshalXML(request)
// JSON format
jsonData := ttlv.MarshalJSON(request)
// Text format (debugging)
textData := ttlv.MarshalText(request)
// Unmarshal from TTLV
var decoded payloads.CreateRequestPayload
err := ttlv.UnmarshalTTLV(binaryData, &decoded)
if err != nil {
log.Fatal(err)
}
π Authentication
Client Certificate Authentication
// From files
client, err := kmipclient.Dial(
"server:5696",
kmipclient.WithClientCertFiles("cert.pem", "key.pem"),
)
// From PEM data
client, err := kmipclient.Dial(
"server:5696",
kmipclient.WithClientCertPEM(certPEM, keyPEM),
)
// Multiple certificates
client, err := kmipclient.Dial(
"server:5696",
kmipclient.WithClientCertFiles("cert1.pem", "key1.pem"),
kmipclient.WithClientCertFiles("cert2.pem", "key2.pem"),
)
Username/Password Authentication
Can be handled with a custom client middleware which inserts the credentials in the requests headers.
// Basic authentication
auth := kmip.Authentication{
Credential: kmip.Credential{
CredentialType: kmip.CredentialTypeUsernameAndPassword,
CredentialValue: kmip.CredentialValue{
UserPassword: &kmip.CredentialValueUserPassword{
Username: "admin",
Password: "secret",
},
},
},
}
// Add to request headers manually or use middleware
Device Authentication
Can be handled with a custom client middleware which inserts the credentials in the requests headers.
// Device-based authentication
deviceAuth := kmip.Authentication{
Credential: kmip.Credential{
CredentialType: kmip.CredentialTypeDevice,
CredentialValue: kmip.CredentialValue{
Device: &kmip.CredentialValueDevice{
DeviceSerialNumber: "SN123456789",
DeviceIdentifier: "device-001",
NetworkIdentifier: "192.168.1.100",
},
},
},
}
π‘ Examples
For comprehensive examples, see the examples directory:
- examples/encrypt_decrypt.go - Encryption/decryption workflows
- examples/sign_verify.go - Digital signature operations
- examples/batches.go - Batch processing examples
π Implementation Status
This library implements the OASIS KMIP (Key Management Interoperability Protocol) specifications:
Legend:
- N/A : Not Applicable
- β : Fully compatible
- β : Not implemented
- π§ : Work in progress / Partially compatible
- π : Deprecated
Messages
| v1.0 | v1.1 | v1.2 | v1.3 | v1.4 | |
|---|---|---|---|---|---|
| Request Message | β | β | β | β | β |
| Response Message | β | β | β | β | β |
Operations
| Operation | v1.0 | v1.1 | v1.2 | v1.3 | v1.4 |
|---|---|---|---|---|---|
| Create | β | β | β | β | β |
| Create Key Pair | β | β | β | β | β |
| Register | β | β | β | β | β |
| Re-key | β | β | β | β | β |
| DeriveKey | β | β | β | β | β |
| Certify | β | β | β | β | β |
| Re-certify | β | β | β | β | β |
| Locate | β | β | β | β | β |
| Check | β | β | β | β | β |
| Get | β | β | β | β | β |
| Get Attributes | β | β | β | β | β |
| Get Attribute List | β | β | β | β | β |
| Add Attribute | β | β | β | β | β |
| Modify Attribute | β | β | β | β | β |
| Delete Attribute | β | β | β | β | β |
| Obtain Lease | β | β | β | β | β |
| Get Usage Allocation | β | β | β | β | β |
| Activate | β | β | β | β | β |
| Revoke | β | β | β | β | β |
| Destroy | β | β | β | β | β |
| Archive | β | β | β | β | β |
| Recover | β | β | β | β | β |
| Validate | β | β | β | β | β |
| Query | β | β | β | β | β |
| Cancel | β | β | β | β | β |
| Poll | β | β | β | β | β |
| Notify | β | β | β | β | β |
| Put | β | β | β | β | β |
| Discover | N/A | β | β | β | β |
| Re-key Key Pair | N/A | β | β | β | β |
| Encrypt | N/A | N/A | β | β | β |
| Decrypt | N/A | N/A | β | β | β |
| Sign | N/A | N/A | β | β | β |
| Signature Verify | N/A | N/A | β | β | β |
| MAC | N/A | N/A | β | β | β |
| MAC Verify | N/A | N/A | β | β | β |
| RNG Retrieve | N/A | N/A | β | β | β |
| RNG Seed | N/A | N/A | β | β | β |
| Hash | N/A | N/A | β | β | β |
| Create Split Key | N/A | N/A | β | β | β |
| Join Split Key | N/A | N/A | β | β | β |
| Export | N/A | N/A | N/A | N/A | β |
| Import | N/A | N/A | N/A | N/A | β |
Managed Objects
| Object | v1.0 | v1.1 | v1.2 | v1.3 | v1.4 |
|---|---|---|---|---|---|
| Certificate | β | β | β | β | β |
| Symmetric Key | β | β | β | β | β |
| Public Key | β | β | β | β | β |
| Private Key | β | β | β | β | β |
| Split Key | β | β | β | β | β |
| Template | β | β | β | π | π |
| Secret Data | β | β | β | β | β |
| Opaque Object | β | β | β | β | β |
| PGP Key | N/A | N/A | β | β | β |
Base Objects
| Object | v1.0 | v1.1 | v1.2 | v1.3 | v1.4 |
|---|---|---|---|---|---|
| Attribute | β | β | β | β | β |
| Β Credential | β | β | β | β | β |
| Β Key Block | β | β | β | β | β |
| Key Value | β | β | β | β | β |
| Key Wrapping Data | β | β | β | β | β |
| Key Wrapping Specification | β | β | β | β | β |
| Transparent Key Structures | π§ | π§ | π§ | π§ | π§ |
| Template-Attribute Structures | β | β | β | β | β |
| Extension Information | N/A | β | β | β | β |
| Data | N/A | N/A | β | β | β |
| Data Length | N/A | N/A | β | β | β |
| Signature Data | N/A | N/A | β | β | β |
| MAC Data | N/A | N/A | β | β | β |
| Nonce | N/A | N/A | β | β | β |
| Correlation Value | N/A | N/A | N/A | β | β |
| Init Indicator | N/A | N/A | N/A | β | β |
| Final Indicator | N/A | N/A | N/A | β | β |
| RNG Parameter | N/A | N/A | N/A | β | β |
| Profile Information | N/A | N/A | N/A | β | β |
| Validation Information | N/A | N/A | N/A | β | β |
| Capability Information | N/A | N/A | N/A | β | β |
| Authenticated Encryption Additional Data | N/A | N/A | N/A | N/A | β |
| Authenticated Encryption Tag | N/A | N/A | N/A | N/A | β |
Transparent Key Structures
| Object | v1.0 | v1.1 | v1.2 | v1.3 | v1.4 |
|---|---|---|---|---|---|
| Symmetric Key | β | β | β | β | β |
| DSA Private/Public Key | β | β | β | β | β |
| RSA Private/Public Key | β | β | β | β | β |
| DH Private/Public Key | β | β | β | β | β |
| ECDSA Private/Public Key | β | β | β | π | π |
| ECDH Private/Public Key | β | β | β | π | π |
| ECMQV Private/Public | β | β | β | π | π |
| EC Private/Public | N/A | N/A | N/A | β | β |
Attributes
| Attribute | v1.0 | v1.1 | v1.2 | v1.3 | v1.4 |
|---|---|---|---|---|---|
| Unique Identifier | β | β | β | β | β |
| Name | β | β | β | β | β |
| Object Type | β | β | β | β | β |
| Cryptographic Algorithm | β | β | β | β | β |
| Cryptographic Length | β | β | β | β | β |
| Cryptographic Parameters | β | β | β | β | β |
| Cryptographic Domain Parameters | β | β | β | β | β |
| Certificate Type | β | β | β | β | β |
| Certificate Identifier | β | π | π | π | π |
| Certificate Subject | β | π | π | π | π |
| Certificate Issuer | β | π | π | π | π |
| Digest | β | β | β | β | β |
| Operation Policy Name | β | β | β | π | π |
| Cryptographic Usage Mask | β | β | β | β | β |
| Lease Time | β | β | β | β | β |
| Usage Limits | β | β | β | β | β |
| State | β | β | β | β | β |
| Initial Date | β | β | β | β | β |
| Activation Date | β | β | β | β | β |
| Process Start Date | β | β | β | β | β |
| Protect Stop Date | β | β | β | β | β |
| Deactivation Date | β | β | β | β | β |
| Destroy Date | β | β | β | β | β |
| Compromise Occurrence Date | β | β | β | β | β |
| Compromise Date | β | β | β | β | β |
| Revocation Reason | β | β | β | β | β |
| Archive Date | β | β | β | β | β |
| Object Group | β | β | β | β | β |
| Link | β | β | β | β | β |
| Application Specific Information | β | β | β | β | β |
| Contact Information | β | β | β | β | β |
| Last Change Date | β | β | β | β | β |
| Custom Attribute | β | β | β | β | β |
| Certificate Length | N/A | β | β | β | β |
| X.509 Certificate Identifier | N/A | β | β | β | β |
| X.509 Certificate Subject | N/A | β | β | β | β |
| X.509 Certificate Issuer | N/A | β | β | β | β |
| Digital Signature Algorithm | N/A | β | β | β | β |
| Fresh | N/A | β | β | β | β |
| Alternative Name | N/A | N/A | β | β | β |
| Key Value Present | N/A | N/A | β | β | β |
| Key Value Location | N/A | N/A | β | β | β |
| Original Creation Date | N/A | N/A | β | β | β |
| Random Number Generator | N/A | N/A | N/A | β | β |
| PKCS#12 Friendly Name | N/A | N/A | N/A | N/A | β |
| Description | N/A | N/A | N/A | N/A | β |
| Comment | N/A | N/A | N/A | N/A | β |
| Sensitive | N/A | N/A | N/A | N/A | β |
| Always Sensitive | N/A | N/A | N/A | N/A | β |
| Extractable | N/A | N/A | N/A | N/A | β |
| Never Extractable | N/A | N/A | N/A | N/A | β |
π οΈ Contributing
Contributions are welcome! Please feel free to submit a Pull Request. For major changes, please open an issue first to discuss what you would like to change. In any case, please follow Contribution Guidelines
π§ Troubleshooting
Common Issues
Connection Problems
# Verify server connectivity
telnet your-kmip-server 5696
# Check TLS certificate issues
openssl s_client -connect your-kmip-server:5696 -cert cert.pem -key key.pem
Authentication Failures
- Ensure client certificates are valid and not expired
- Verify the server accepts your certificate chain
- Check that the username/password credentials are correct, if used
- Verify the certificate key usage allows client authentication
Protocol Version Issues
// Force a specific KMIP version
client, err := kmipclient.Dial(
"server:5696",
kmipclient.EnforceVersion(kmip.V1_4),
)
Debug Logging
// Enable debug logging to see TTLV messages
client, err := kmipclient.Dial(
"server:5696",
kmipclient.WithMiddlewares(
kmipclient.DebugMiddleware(os.Stdout, ttlv.MarshalXML),
),
)
π οΈ Development
Building and Testing
# Clone repository
git clone https://github.com/ovh/kmip-go.git
cd kmip-go
# Install dependencies
go mod download
# Run all tests
go test -race ./...
# Run integration tests (requires KMIP server)
go test -race -tags=integration ./...
Code Quality
# Format code
go fmt ./...
# Run linter (requires golangci-lint)
golangci-lint run
# Build examples
go build ./examples/...
π License
This project is licensed under the Apache License 2.0. See the LICENSE file for details.
π Support
- Documentation: Go Reference
- Issues: GitHub Issues
- OVHcloud KMS: Documentation
- KMIP Standard:
π Acknowledgments
This library is developed and maintained by OVHcloud, with contributions from the open source community. It is designed to work seamlessly with OVHcloud KMS but is compatible with any KMIP-compliant key management system.
Note: This library is primarily developed and tested against OVHcloud KMS. While it aims for full KMIP compliance, some features may work differently with other KMIP implementations. Please report any compatibility issues.
Documentation
ΒΆ
Overview ΒΆ
Example ΒΆ
Example demonstrates how to establish a connection to a KMIP server, create a symmetric key, and use it to encrypt data. This shows the basic client setup with TLS certificates.
// Connect to KMIP server with client certificates
client, err := kmipclient.Dial(
"your-kmip-server.example.com:5696",
kmipclient.WithClientCertFiles("client-cert.pem", "client-key.pem"),
// Optionally specify root CA if needed
// kmipclient.WithRootCAFile("ca.pem"),
)
if err != nil {
log.Fatal(err)
}
defer client.Close()
fmt.Printf("Connected using KMIP version %s\n", client.Version())
// Create an AES key
resp, err := client.Create().
AES(256, kmip.CryptographicUsageEncrypt|kmip.CryptographicUsageDecrypt).
WithName("My-Encryption-Key").
ExecContext(context.Background())
if err != nil {
log.Fatal(err)
}
// Create a random Nonce / IV
iv := make([]byte, kmip.AES_GCM.IVLength)
_, _ = rand.Read(iv)
// Build and send an encryption request
resp2, err := client.Encrypt(resp.UniqueIdentifier).
WithCryptographicParameters(kmip.AES_GCM).
WithIvCounterNonce(iv).
Data([]byte("My secret data")).
ExecContext(context.Background())
if err != nil {
log.Fatal(err)
}
// Concatenate IV, ciphertext and tag, then display the result
cipher := append(resp2.IVCounterNonce, resp2.Data...)
cipher = append(cipher, resp2.AuthenticatedEncryptionTag...)
fmt.Println("Cipher text:", hex.EncodeToString(cipher))
Index ΒΆ
- Constants
- Variables
- func RegisterOperationPayload[Req, Resp any](op Operation)
- type AlternativeName
- type AlternativeNameType
- type ApplicationSpecificInformation
- type AttestationType
- type Attribute
- type AttributeName
- type Authentication
- type BatchErrorContinuationOption
- type BlockCipherMode
- type CancellationResult
- type CapabilityInformation
- type Certificate
- type CertificateIdentifierdeprecated
- type CertificateIssuerdeprecated
- type CertificateRequestType
- type CertificateSubjectdeprecated
- type CertificateType
- type ClientRegistrationMethod
- type Credential
- type CredentialType
- type CredentialValue
- type CredentialValueAttestation
- type CredentialValueDevice
- type CredentialValueUserPassword
- type CryptographicAlgorithm
- type CryptographicDomainParameters
- type CryptographicParameters
- type CryptographicUsageMask
- type DRBGAlgorithm
- type DestroyAction
- type Digest
- type DigitalSignatureAlgorithm
- type EncodingOption
- type EncryptionKeyInformation
- type ExtensionInformation
- type FIPS186Variation
- type HashingAlgorithm
- type KeyBlock
- type KeyCompressionType
- type KeyFormatType
- type KeyMaterial
- type KeyRoleType
- type KeyValue
- type KeyValueLocation
- type KeyValueLocationType
- type KeyWrappingData
- type KeyWrappingSpecification
- type Link
- type LinkType
- type MACSignatureKeyInformation
- type MaskGenerator
- type MessageExtension
- type Name
- type NameType
- type Nonce
- type Object
- type ObjectGroupMember
- type ObjectType
- type OpaqueDataType
- type OpaqueObject
- type Operation
- type OperationPayload
- type PGPKey
- type PaddingMethod
- type PlainKeyValue
- type PrivateKey
- type ProfileInformation
- type ProfileName
- type ProtocolVersion
- type PublicKey
- type PutFunction
- type QueryFunction
- type RNGAlgorithm
- type RNGMode
- type RNGParameters
- type RecommendedCurve
- type RequestBatchItem
- type RequestHeader
- type RequestMessage
- type ResponseBatchItem
- type ResponseHeader
- type ResponseMessage
- type ResultReason
- type ResultStatus
- type RevocationReason
- type RevocationReasonCode
- type SecretData
- type SecretDataType
- type ShreddingAlgorithm
- type SplitKey
- type SplitKeyMethod
- type State
- type StorageStatusMask
- type SymmetricKey
- type Templatedeprecated
- type TemplateAttribute
- type TransparentECDSAPrivateKeydeprecated
- type TransparentECDSAPublicKeydeprecated
- type TransparentECPrivateKey
- type TransparentECPublicKey
- type TransparentRSAPrivateKey
- type TransparentRSAPublicKey
- type TransparentSymmetricKey
- type UnknownPayload
- type UnwrapMode
- type UsageLimits
- type UsageLimitsUnit
- type ValidationAuthorityType
- type ValidationInformation
- type ValidationType
- type ValidityIndicator
- type WrappingMethod
- type X_509CertificateIdentifier
- type X_509CertificateIssuer
- type X_509CertificateSubject
Examples ΒΆ
Constants ΒΆ
View Source
const ( // KMIP 1.0. TagActivationDate = 0x420001 TagApplicationData = 0x420002 TagApplicationNamespace = 0x420003 TagApplicationSpecificInformation = 0x420004 TagArchiveDate = 0x420005 TagAsynchronousCorrelationValue = 0x420006 TagAsynchronousIndicator = 0x420007 TagAttribute = 0x420008 TagAttributeIndex = 0x420009 TagAttributeName = 0x42000A TagAttributeValue = 0x42000B TagAuthentication = 0x42000C TagBatchCount = 0x42000D TagBatchErrorContinuationOption = 0x42000E TagBatchItem = 0x42000F TagBatchOrderOption = 0x420010 TagBlockCipherMode = 0x420011 TagCancellationResult = 0x420012 TagCertificate = 0x420013 // Deprecated: deprecated as of kmip 1.1. TagCertificateIdentifier = 0x420014 // Deprecated: deprecated as of kmip 1.1. TagCertificateIssuer = 0x420015 // Deprecated: deprecated as of kmip 1.1. TagCertificateIssuerAlternativeName = 0x420016 // Deprecated: deprecated as of kmip 1.1. TagCertificateIssuerDistinguishedName = 0x420017 TagCertificateRequest = 0x420018 TagCertificateRequestType = 0x420019 // Deprecated: deprecated as of kmip 1.1. TagCertificateSubject = 0x42001A // Deprecated: deprecated as of kmip 1.1. TagCertificateSubjectAlternativeName = 0x42001B // Deprecated: deprecated as of kmip 1.1. TagCertificateSubjectDistinguishedName = 0x42001C TagCertificateType = 0x42001D TagCertificateValue = 0x42001E TagCommonTemplateAttribute = 0x42001F TagCompromiseDate = 0x420020 TagCompromiseOccurrenceDate = 0x420021 TagContactInformation = 0x420022 TagCredential = 0x420023 TagCredentialType = 0x420024 TagCredentialValue = 0x420025 TagCriticalityIndicator = 0x420026 TagCRTCoefficient = 0x420027 TagCryptographicAlgorithm = 0x420028 TagCryptographicDomainParameters = 0x420029 TagCryptographicLength = 0x42002A TagCryptographicParameters = 0x42002B TagCryptographicUsageMask = 0x42002C TagCustomAttribute = 0x42002D TagD = 0x42002E TagDeactivationDate = 0x42002F TagDerivationData = 0x420030 TagDerivationMethod = 0x420031 TagDerivationParameters = 0x420032 TagDestroyDate = 0x420033 TagDigest = 0x420034 TagDigestValue = 0x420035 TagEncryptionKeyInformation = 0x420036 TagG = 0x420037 TagHashingAlgorithm = 0x420038 TagInitialDate = 0x420039 TagInitializationVector = 0x42003A // Deprecated: deprecated as of kmip 1.1. TagIssuer = 0x42003B TagIterationCount = 0x42003C TagIVCounterNonce = 0x42003D TagJ = 0x42003E TagKey = 0x42003F TagKeyBlock = 0x420040 TagKeyCompressionType = 0x420041 TagKeyFormatType = 0x420042 TagKeyMaterial = 0x420043 TagKeyPartIdentifier = 0x420044 TagKeyValue = 0x420045 TagKeyWrappingData = 0x420046 TagKeyWrappingSpecification = 0x420047 TagLastChangeDate = 0x420048 TagLeaseTime = 0x420049 TagLink = 0x42004A TagLinkType = 0x42004B TagLinkedObjectIdentifier = 0x42004C TagMACSignature = 0x42004D TagMACSignatureKeyInformation = 0x42004E TagMaximumItems = 0x42004F TagMaximumResponseSize = 0x420050 TagMessageExtension = 0x420051 TagModulus = 0x420052 TagName = 0x420053 TagNameType = 0x420054 TagNameValue = 0x420055 TagObjectGroup = 0x420056 TagObjectType = 0x420057 TagOffset = 0x420058 TagOpaqueDataType = 0x420059 TagOpaqueDataValue = 0x42005A TagOpaqueObject = 0x42005B TagOperation = 0x42005C // Deprecated: deprecated as of kmip 1.3. TagOperationPolicyName = 0x42005D TagP = 0x42005E TagPaddingMethod = 0x42005F TagPrimeExponentP = 0x420060 TagPrimeExponentQ = 0x420061 TagPrimeFieldSize = 0x420062 TagPrivateExponent = 0x420063 TagPrivateKey = 0x420064 TagPrivateKeyTemplateAttribute = 0x420065 TagPrivateKeyUniqueIdentifier = 0x420066 TagProcessStartDate = 0x420067 TagProtectStopDate = 0x420068 TagProtocolVersion = 0x420069 TagProtocolVersionMajor = 0x42006A TagProtocolVersionMinor = 0x42006B TagPublicExponent = 0x42006C TagPublicKey = 0x42006D TagPublicKeyTemplateAttribute = 0x42006E TagPublicKeyUniqueIdentifier = 0x42006F TagPutFunction = 0x420070 TagQ = 0x420071 TagQString = 0x420072 TagQlength = 0x420073 TagQueryFunction = 0x420074 TagRecommendedCurve = 0x420075 TagReplacedUniqueIdentifier = 0x420076 TagRequestHeader = 0x420077 TagRequestMessage = 0x420078 TagRequestPayload = 0x420079 TagResponseHeader = 0x42007A TagResponseMessage = 0x42007B TagResponsePayload = 0x42007C TagResultMessage = 0x42007D TagResultReason = 0x42007E TagResultStatus = 0x42007F TagRevocationMessage = 0x420080 TagRevocationReason = 0x420081 TagRevocationReasonCode = 0x420082 TagKeyRoleType = 0x420083 TagSalt = 0x420084 TagSecretData = 0x420085 TagSecretDataType = 0x420086 // Deprecated: deprecated as of kmip 1.1. TagSerialNumber = 0x420087 TagServerInformation = 0x420088 TagSplitKey = 0x420089 TagSplitKeyMethod = 0x42008A TagSplitKeyParts = 0x42008B TagSplitKeyThreshold = 0x42008C TagState = 0x42008D TagStorageStatusMask = 0x42008E TagSymmetricKey = 0x42008F TagTemplate = 0x420090 TagTemplateAttribute = 0x420091 TagTimeStamp = 0x420092 TagUniqueBatchItemID = 0x420093 TagUniqueIdentifier = 0x420094 TagUsageLimits = 0x420095 TagUsageLimitsCount = 0x420096 TagUsageLimitsTotal = 0x420097 TagUsageLimitsUnit = 0x420098 TagUsername = 0x420099 TagValidityDate = 0x42009A TagValidityIndicator = 0x42009B TagVendorExtension = 0x42009C TagVendorIdentification = 0x42009D TagWrappingMethod = 0x42009E TagX = 0x42009F TagY = 0x4200A0 TagPassword = 0x4200A1 // KMIP 1.1. TagDeviceIdentifier = 0x4200A2 TagEncodingOption = 0x4200A3 TagExtensionInformation = 0x4200A4 TagExtensionName = 0x4200A5 TagExtensionTag = 0x4200A6 TagExtensionType = 0x4200A7 TagFresh = 0x4200A8 TagMachineIdentifier = 0x4200A9 TagMediaIdentifier = 0x4200AA TagNetworkIdentifier = 0x4200AB TagObjectGroupMember = 0x4200AC TagCertificateLength = 0x4200AD TagDigitalSignatureAlgorithm = 0x4200AE TagCertificateSerialNumber = 0x4200AF TagDeviceSerialNumber = 0x4200B0 TagIssuerAlternativeName = 0x4200B1 TagIssuerDistinguishedName = 0x4200B2 TagSubjectAlternativeName = 0x4200B3 TagSubjectDistinguishedName = 0x4200B4 TagX_509CertificateIdentifier = 0x4200B5 TagX_509CertificateIssuer = 0x4200B6 TagX_509CertificateSubject = 0x4200B7 // KMIP 1.2. TagKeyValueLocationValue = 0x4200B9 TagKeyValueLocationType = 0x4200BA TagKeyValuePresent = 0x4200BB TagOriginalCreationDate = 0x4200BC TagPGPKey = 0x4200BD TagPGPKeyVersion = 0x4200BE TagAlternativeName = 0x4200BF TagAlternativeNameValue = 0x4200C0 TagAlternativeNameType = 0x4200C1 TagData = 0x4200C2 TagSignatureData = 0x4200C3 TagDataLength = 0x4200C4 TagRandomIV = 0x4200C5 TagMACData = 0x4200C6 TagAttestationType = 0x4200C7 TagNonce = 0x4200C8 TagNonceID = 0x4200C9 TagNonceValue = 0x4200CA TagAttestationMeasurement = 0x4200CB TagAttestationAssertion = 0x4200CC TagIVLength = 0x4200CD TagTagLength = 0x4200CE TagFixedFieldLength = 0x4200CF TagCounterLength = 0x4200D0 TagInitialCounterValue = 0x4200D1 TagInvocationFieldLength = 0x4200D2 TagAttestationCapableIndicator = 0x4200D3 TagKeyValueLocation = 0x4200B8 // KMIP 1.3. TagOffsetItems = 0x4200D4 TagLocatedItems = 0x4200D5 TagCorrelationValue = 0x4200D6 TagInitIndicator = 0x4200D7 TagFinalIndicator = 0x4200D8 TagRNGParameters = 0x4200D9 TagRNGAlgorithm = 0x4200DA TagDRBGAlgorithm = 0x4200DB TagFIPS186Variation = 0x4200DC TagPredictionResistance = 0x4200DD TagRandomNumberGenerator = 0x4200DE TagValidationInformation = 0x4200DF TagValidationAuthorityType = 0x4200E0 TagValidationAuthorityCountry = 0x4200E1 TagValidationAuthorityURI = 0x4200E2 TagValidationVersionMajor = 0x4200E3 TagValidationVersionMinor = 0x4200E4 TagValidationType = 0x4200E5 TagValidationLevel = 0x4200E6 TagValidationCertificateIdentifier = 0x4200E7 TagValidationCertificateURI = 0x4200E8 TagValidationVendorURI = 0x4200E9 TagValidationProfile = 0x4200EA TagProfileInformation = 0x4200EB TagProfileName = 0x4200EC TagServerURI = 0x4200ED TagServerPort = 0x4200EE TagStreamingCapability = 0x4200EF TagAsynchronousCapability = 0x4200F0 TagAttestationCapability = 0x4200F1 TagUnwrapMode = 0x4200F2 TagDestroyAction = 0x4200F3 TagShreddingAlgorithm = 0x4200F4 TagRNGMode = 0x4200F5 TagClientRegistrationMethod = 0x4200F6 TagCapabilityInformation = 0x4200F7 // KMIP 1.4. TagKeyWrapType = 0x4200F8 TagBatchUndoCapability = 0x4200F9 TagBatchContinueCapability = 0x4200FA TagPKCS_12FriendlyName = 0x4200FB TagDescription = 0x4200FC TagComment = 0x4200FD TagAuthenticatedEncryptionAdditionalData = 0x4200FE TagAuthenticatedEncryptionTag = 0x4200FF TagSaltLength = 0x420100 TagMaskGenerator = 0x420101 TagMaskGeneratorHashingAlgorithm = 0x420102 TagPSource = 0x420103 TagTrailerField = 0x420104 TagClientCorrelationValue = 0x420105 TagServerCorrelationValue = 0x420106 TagDigestedData = 0x420107 TagCertificateSubjectCN = 0x420108 TagCertificateSubjectO = 0x420109 TagCertificateSubjectOU = 0x42010A TagCertificateSubjectEmail = 0x42010B TagCertificateSubjectC = 0x42010C TagCertificateSubjectST = 0x42010D TagCertificateSubjectL = 0x42010E TagCertificateSubjectUID = 0x42010F TagCertificateSubjectSerialNumber = 0x420110 TagCertificateSubjectTitle = 0x420111 TagCertificateSubjectDC = 0x420112 TagCertificateSubjectDNQualifier = 0x420113 TagCertificateIssuerCN = 0x420114 TagCertificateIssuerO = 0x420115 TagCertificateIssuerOU = 0x420116 TagCertificateIssuerEmail = 0x420117 TagCertificateIssuerC = 0x420118 TagCertificateIssuerST = 0x420119 TagCertificateIssuerL = 0x42011A TagCertificateIssuerUID = 0x42011B TagCertificateIssuerSerialNumber = 0x42011C TagCertificateIssuerTitle = 0x42011D TagCertificateIssuerDC = 0x42011E TagCertificateIssuerDNQualifier = 0x42011F TagSensitive = 0x420120 TagAlwaysSensitive = 0x420121 TagExtractable = 0x420122 TagNeverExtractable = 0x420123 TagReplaceExisting = 0x420124 )
Variables ΒΆ
View Source
var ( V1_0 = ProtocolVersion{ProtocolVersionMajor: 1, ProtocolVersionMinor: 0} V1_1 = ProtocolVersion{ProtocolVersionMajor: 1, ProtocolVersionMinor: 1} V1_2 = ProtocolVersion{ProtocolVersionMajor: 1, ProtocolVersionMinor: 2} V1_3 = ProtocolVersion{ProtocolVersionMajor: 1, ProtocolVersionMinor: 3} V1_4 = ProtocolVersion{ProtocolVersionMajor: 1, ProtocolVersionMinor: 4} V2_0 = ProtocolVersion{ProtocolVersionMajor: 2, ProtocolVersionMinor: 0} V2_1 = ProtocolVersion{ProtocolVersionMajor: 2, ProtocolVersionMinor: 1} V2_2 = ProtocolVersion{ProtocolVersionMajor: 2, ProtocolVersionMinor: 2} )
View Source
var ( // AES_CBC_PKCS5 defines cryptographic parameters for AES encryption using CBC mode with PKCS5 padding. // It specifies the AES algorithm, CBC block cipher mode, PKCS5 padding method, and an IV length of 16 bytes. AES_CBC_PKCS5 = CryptographicParameters{ CryptographicAlgorithm: CryptographicAlgorithmAES, BlockCipherMode: BlockCipherModeCBC, PaddingMethod: PaddingMethodPKCS5, IVLength: 16, } // AES_GCM defines the cryptographic parameters for AES encryption using Galois/Counter Mode (GCM). // It specifies the use of the AES algorithm with GCM block cipher mode, an IV (Initialization Vector) length of 12 bytes, // and an authentication tag length of 16 bytes, which are standard values for AES-GCM operations. AES_GCM = CryptographicParameters{ CryptographicAlgorithm: CryptographicAlgorithmAES, BlockCipherMode: BlockCipherModeGCM, IVLength: 12, TagLength: 16, } // RSA_OAEP_SHA256 defines cryptographic parameters for RSA encryption using OAEP padding with SHA-256 as the hashing algorithm. // It specifies the use of the RSA cryptographic algorithm, SHA-256 for both the primary and mask generator hashing algorithms, // and MGF1 as the mask generation function. This configuration is commonly used for secure RSA OAEP encryption with SHA-256. RSA_OAEP_SHA256 = CryptographicParameters{ CryptographicAlgorithm: CryptographicAlgorithmRSA, HashingAlgorithm: HashingAlgorithmSHA_256, MaskGenerator: MaskGeneratorMGF1, MaskGeneratorHashingAlgorithm: HashingAlgorithmSHA_256, } // RSA_OAEP_SHA384 defines cryptographic parameters for RSA encryption using OAEP padding with SHA-384 as the hashing algorithm. // It specifies the use of the RSA cryptographic algorithm, SHA-384 for both the primary and mask generator hashing algorithms, // and MGF1 as the mask generation function. This configuration is commonly used for secure RSA OAEP encryption with SHA-384. RSA_OAEP_SHA384 = CryptographicParameters{ CryptographicAlgorithm: CryptographicAlgorithmRSA, HashingAlgorithm: HashingAlgorithmSHA_384, MaskGenerator: MaskGeneratorMGF1, MaskGeneratorHashingAlgorithm: HashingAlgorithmSHA_384, } // RSA_OAEP_SHA512 defines cryptographic parameters for RSA encryption using OAEP padding with SHA-512 as the hashing algorithm. // It specifies the use of the RSA cryptographic algorithm, SHA-512 for both the primary and mask generator hashing algorithms, // and MGF1 as the mask generation function. This configuration is commonly used for secure RSA OAEP encryption with SHA-512. RSA_OAEP_SHA512 = CryptographicParameters{ CryptographicAlgorithm: CryptographicAlgorithmRSA, HashingAlgorithm: HashingAlgorithmSHA_512, MaskGenerator: MaskGeneratorMGF1, MaskGeneratorHashingAlgorithm: HashingAlgorithmSHA_512, } )
View Source
var AllAttributeNames = []AttributeName{ AttributeNameUniqueIdentifier, AttributeNameName, AttributeNameObjectType, AttributeNameOperationPolicyName, AttributeNameObjectGroup, AttributeNameContactInformation, AttributeNameInitialDate, AttributeNameActivationDate, AttributeNameProcessStartDate, AttributeNameProtectStopDate, AttributeNameDeactivationDate, AttributeNameDestroyDate, AttributeNameCompromiseOccurrenceDate, AttributeNameCompromiseDate, AttributeNameArchiveDate, AttributeNameLastChangeDate, AttributeNameCryptographicLength, AttributeNameLeaseTime, AttributeNameCryptographicAlgorithm, AttributeNameCryptographicParameters, AttributeNameCryptographicDomainParameters, AttributeNameCertificateType, AttributeNameDigest, AttributeNameCryptographicUsageMask, AttributeNameState, AttributeNameRevocationReason, AttributeNameLink, AttributeNameCertificateIdentifier, AttributeNameCertificateSubject, AttributeNameCertificateIssuer, AttributeNameUsageLimits, AttributeNameApplicationSpecificInformation, AttributeNameCertificateLength, AttributeNameFresh, AttributeNameX509CertificateIdentifier, AttributeNameX509CertificateSubject, AttributeNameX509CertificateIssuer, AttributeNameDigitalSignatureAlgorithm, AttributeNameAlternativeName, AttributeNameKeyValuePresent, AttributeNameKeyValueLocation, AttributeNameOriginalCreationDate, AttributeNameRandomNumberGenerator, AttributeNamePKCS_12FriendlyName, AttributeNameDescription, AttributeNameComment, AttributeNameSensitive, AttributeNameAlwaysSensitive, AttributeNameExtractable, AttributeNameNeverExtractable, }
Functions ΒΆ
Types ΒΆ
type AlternativeName ΒΆ
type AlternativeName struct {
AlternativeNameValue string `ttlv:",omitempty"`
AlternativeNameType AlternativeNameType `ttlv:",omitempty"`
}
type AlternativeNameType ΒΆ
type AlternativeNameType uint32
const ( AlternativeNameTypeUninterpretedTextString AlternativeNameType = 0x00000001 AlternativeNameTypeURI AlternativeNameType = 0x00000002 AlternativeNameTypeObjectSerialNumber AlternativeNameType = 0x00000003 AlternativeNameTypeEmailAddress AlternativeNameType = 0x00000004 AlternativeNameTypeDNSName AlternativeNameType = 0x00000005 AlternativeNameTypeX_500DistinguishedName AlternativeNameType = 0x00000006 AlternativeNameTypeIPAddress AlternativeNameType = 0x00000007 )
func (AlternativeNameType) MarshalText ΒΆ added in v0.2.2
func (enum AlternativeNameType) MarshalText() ([]byte, error)
type AttestationType ΒΆ
type AttestationType uint32
const ( AttestationTypeTPMQuote AttestationType = 0x00000001 AttestationTypeTCGIntegrityReport AttestationType = 0x00000002 AttestationTypeSAMLAssertion AttestationType = 0x00000003 )
func (AttestationType) MarshalText ΒΆ added in v0.2.2
func (enum AttestationType) MarshalText() ([]byte, error)
type Attribute ΒΆ
type Attribute struct {
AttributeName AttributeName
AttributeIndex *int32
AttributeValue any
}
type AttributeName ΒΆ
type AttributeName string
const ( AttributeNameUniqueIdentifier AttributeName = "Unique Identifier" AttributeNameName AttributeName = "Name" AttributeNameObjectType AttributeName = "Object Type" // Deprecated: deprecated as of kmip 1.3. AttributeNameOperationPolicyName AttributeName = "Operation Policy Name" AttributeNameObjectGroup AttributeName = "Object Group" AttributeNameContactInformation AttributeName = "Contact Information" AttributeNameInitialDate AttributeName = "Initial Date" AttributeNameActivationDate AttributeName = "Activation Date" AttributeNameProcessStartDate AttributeName = "Process Start Date" AttributeNameProtectStopDate AttributeName = "Protect Stop Date" AttributeNameDeactivationDate AttributeName = "Deactivation Date" AttributeNameDestroyDate AttributeName = "Destroy Date" AttributeNameCompromiseOccurrenceDate AttributeName = "Compromise Occurrence Date" AttributeNameCompromiseDate AttributeName = "Compromise Date" AttributeNameArchiveDate AttributeName = "Archive Date" AttributeNameLastChangeDate AttributeName = "Last Change Date" AttributeNameCryptographicLength AttributeName = "Cryptographic Length" AttributeNameLeaseTime AttributeName = "Lease Time" AttributeNameCryptographicAlgorithm AttributeName = "Cryptographic Algorithm" AttributeNameCryptographicParameters AttributeName = "Cryptographic Parameters" AttributeNameCryptographicDomainParameters AttributeName = "Cryptographic Domain Parameters" AttributeNameCertificateType AttributeName = "Certificate Type" AttributeNameDigest AttributeName = "Digest" AttributeNameCryptographicUsageMask AttributeName = "Cryptographic Usage Mask" AttributeNameState AttributeName = "State" AttributeNameRevocationReason AttributeName = "Revocation Reason" AttributeNameLink AttributeName = "Link" // Deprecated: deprecated as of kmip 1.1. AttributeNameCertificateIdentifier AttributeName = "Certificate Identifier" // Deprecated: deprecated as of kmip 1.1. AttributeNameCertificateSubject AttributeName = "Certificate Subject" // Deprecated: deprecated as of kmip 1.1. AttributeNameCertificateIssuer AttributeName = "Certificate Issuer" AttributeNameUsageLimits AttributeName = "Usage Limits" AttributeNameApplicationSpecificInformation AttributeName = "Application Specific Information" // KMIP 1.1. AttributeNameCertificateLength AttributeName = "Certificate Length" AttributeNameFresh AttributeName = "Fresh" AttributeNameX509CertificateIdentifier AttributeName = "X.509 Certificate Identifier" AttributeNameX509CertificateSubject AttributeName = "X.509 Certificate Subject" AttributeNameX509CertificateIssuer AttributeName = "X.509 Certificate Issuer" AttributeNameDigitalSignatureAlgorithm AttributeName = "Digital Signature Algorithm" // KMIP 1.2. AttributeNameAlternativeName AttributeName = "Alternative Name" AttributeNameKeyValuePresent AttributeName = "Key Value Present" AttributeNameKeyValueLocation AttributeName = "Key Value Location" AttributeNameOriginalCreationDate AttributeName = "Original Creation Date" // KMIP 1.3. AttributeNameRandomNumberGenerator AttributeName = "Random Number Generator" // KMIP 1.4. AttributeNamePKCS_12FriendlyName AttributeName = "PKCS#12 Friendly Name" AttributeNameDescription AttributeName = "Description" AttributeNameComment AttributeName = "Comment" AttributeNameSensitive AttributeName = "Sensitive" AttributeNameAlwaysSensitive AttributeName = "Always Sensitive" AttributeNameExtractable AttributeName = "Extractable" AttributeNameNeverExtractable AttributeName = "Never Extractable" )
func (AttributeName) IsCustom ΒΆ
func (atn AttributeName) IsCustom() bool
IsCustom determines whether the AttributeName is considered custom. It returns true if the attribute name starts with "x-" or "y-", indicating a custom attribute.
type Authentication ΒΆ
type Authentication struct {
Credential Credential
// Starting from KMIP 1.2, Credential can be repeated
AdditionalCredential []Credential `ttlv:",version=v1.2.."`
}
type BatchErrorContinuationOption ΒΆ
type BatchErrorContinuationOption uint32
const ( BatchErrorContinuationOptionContinue BatchErrorContinuationOption = 1 BatchErrorContinuationOptionStop BatchErrorContinuationOption = 2 BatchErrorContinuationOptionUndo BatchErrorContinuationOption = 3 )
func (BatchErrorContinuationOption) MarshalText ΒΆ added in v0.2.2
func (enum BatchErrorContinuationOption) MarshalText() ([]byte, error)
type BlockCipherMode ΒΆ
type BlockCipherMode uint32
const ( BlockCipherModeCBC BlockCipherMode = 0x00000001 BlockCipherModeECB BlockCipherMode = 0x00000002 BlockCipherModePCBC BlockCipherMode = 0x00000003 BlockCipherModeCFB BlockCipherMode = 0x00000004 BlockCipherModeOFB BlockCipherMode = 0x00000005 BlockCipherModeCTR BlockCipherMode = 0x00000006 BlockCipherModeCMAC BlockCipherMode = 0x00000007 BlockCipherModeCCM BlockCipherMode = 0x00000008 BlockCipherModeGCM BlockCipherMode = 0x00000009 BlockCipherModeCBCMAC BlockCipherMode = 0x0000000A BlockCipherModeXTS BlockCipherMode = 0x0000000B BlockCipherModeAESKeyWrapPadding BlockCipherMode = 0x0000000C BlockCipherModeNISTKeyWrap BlockCipherMode = 0x0000000D BlockCipherModeX9_102AESKW BlockCipherMode = 0x0000000E BlockCipherModeX9_102TDKW BlockCipherMode = 0x0000000F BlockCipherModeX9_102AKW1 BlockCipherMode = 0x00000010 BlockCipherModeX9_102AKW2 BlockCipherMode = 0x00000011 // KMIP 1.4. BlockCipherModeAEAD BlockCipherMode = 0x00000012 )
func (BlockCipherMode) MarshalText ΒΆ added in v0.2.2
func (enum BlockCipherMode) MarshalText() ([]byte, error)
type CancellationResult ΒΆ
type CancellationResult uint32
const ( CancellationResultCanceled CancellationResult = 0x00000001 CancellationResultUnableToCancel CancellationResult = 0x00000002 CancellationResultCompleted CancellationResult = 0x00000003 CancellationResultFailed CancellationResult = 0x00000004 )
func (CancellationResult) MarshalText ΒΆ added in v0.2.2
func (enum CancellationResult) MarshalText() ([]byte, error)
type CapabilityInformation ΒΆ
type CapabilityInformation struct {
StreamingCapability *bool
AsynchronousCapability *bool
AttestationCapability *bool
BatchUndoCapability *bool `ttlv:",version=v1.4.."`
BatchContinueCapability *bool `ttlv:",version=v1.4.."`
UnwrapMode UnwrapMode `ttlv:",omitempty"`
DestroyAction DestroyAction `ttlv:",omitempty"`
ShreddingAlgorithm ShreddingAlgorithm `ttlv:",omitempty"`
RNGMode RNGMode `ttlv:",omitempty"`
}
type Certificate ΒΆ
type Certificate struct {
CertificateType CertificateType
CertificateValue []byte
}
func (*Certificate) ObjectType ΒΆ
func (sd *Certificate) ObjectType() ObjectType
func (*Certificate) PemCertificate ΒΆ added in v0.2.0
func (sd *Certificate) PemCertificate() (string, error)
PemCertificate returns the PEM encoded value of an x509 certificate. It returns an error if the kmip object is not a certificate of type X509, or if the certificate data is invalid.
func (*Certificate) X509Certificate ΒΆ
func (sd *Certificate) X509Certificate() (*x509.Certificate, error)
X509Certificate parses the CertificateValue field as an x509.Certificate if the CertificateType is CertificateTypeX_509. It returns a pointer to the parsed x509.Certificate and any error encountered during parsing. If the certificate type is not X.509, an error is returned indicating the unsupported type.
type CertificateIdentifier
deprecated
type CertificateIssuer
deprecated
type CertificateRequestType ΒΆ
type CertificateRequestType uint32
const ( CertificateRequestTypeCRMF CertificateRequestType = 0x00000001 CertificateRequestTypePKCS_10 CertificateRequestType = 0x00000002 CertificateRequestTypePEM CertificateRequestType = 0x00000003 CertificateRequestTypePGP CertificateRequestType = 0x00000004 )
func (CertificateRequestType) MarshalText ΒΆ added in v0.2.2
func (enum CertificateRequestType) MarshalText() ([]byte, error)
type CertificateSubject
deprecated
type CertificateType ΒΆ
type CertificateType uint32
const ( CertificateTypeX_509 CertificateType = 0x00000001 // Deprecated: deprecated as of version 1.2. CertificateTypePGP CertificateType = 0x00000002 )
func (CertificateType) MarshalText ΒΆ added in v0.2.2
func (enum CertificateType) MarshalText() ([]byte, error)
type ClientRegistrationMethod ΒΆ
type ClientRegistrationMethod uint32
const ( ClientRegistrationMethodUnspecified ClientRegistrationMethod = 0x00000001 ClientRegistrationMethodServerPreGenerated ClientRegistrationMethod = 0x00000002 ClientRegistrationMethodServerOnDemand ClientRegistrationMethod = 0x00000003 ClientRegistrationMethodClientGenerated ClientRegistrationMethod = 0x00000004 ClientRegistrationMethodClientRegistered ClientRegistrationMethod = 0x00000005 )
func (ClientRegistrationMethod) MarshalText ΒΆ added in v0.2.2
func (enum ClientRegistrationMethod) MarshalText() ([]byte, error)
type Credential ΒΆ
type Credential struct {
CredentialType CredentialType
CredentialValue CredentialValue
}
func (*Credential) TagDecodeTTLV ΒΆ
func (kb *Credential) TagDecodeTTLV(d *ttlv.Decoder, tag int) error
type CredentialType ΒΆ
type CredentialType uint32
const ( CredentialTypeUsernameAndPassword CredentialType = 0x00000001 // KMIP 1.1. CredentialTypeDevice CredentialType = 0x00000002 // KMIP 1.2. CredentialTypeAttestation CredentialType = 0x00000003 )
func (CredentialType) MarshalText ΒΆ added in v0.2.2
func (enum CredentialType) MarshalText() ([]byte, error)
type CredentialValue ΒΆ
type CredentialValue struct {
UserPassword *CredentialValueUserPassword
Device *CredentialValueDevice
Attestation *CredentialValueAttestation
}
func (*CredentialValue) TagEncodeTTLV ΒΆ
func (cred *CredentialValue) TagEncodeTTLV(e *ttlv.Encoder, tag int)
type CredentialValueAttestation ΒΆ
type CredentialValueAttestation struct {
Nonce Nonce
AttestationType AttestationType
AttestationMeasurement []byte `ttlv:",omitempty"`
AttestationAssertion []byte `ttlv:",omitempty"`
}
type CredentialValueDevice ΒΆ
type CryptographicAlgorithm ΒΆ
type CryptographicAlgorithm uint32
const ( CryptographicAlgorithmDES CryptographicAlgorithm = 0x00000001 CryptographicAlgorithm3DES CryptographicAlgorithm = 0x00000002 CryptographicAlgorithmAES CryptographicAlgorithm = 0x00000003 CryptographicAlgorithmRSA CryptographicAlgorithm = 0x00000004 CryptographicAlgorithmDSA CryptographicAlgorithm = 0x00000005 CryptographicAlgorithmECDSA CryptographicAlgorithm = 0x00000006 CryptographicAlgorithmHMACSHA1 CryptographicAlgorithm = 0x00000007 CryptographicAlgorithmHMACSHA224 CryptographicAlgorithm = 0x00000008 CryptographicAlgorithmHMACSHA256 CryptographicAlgorithm = 0x00000009 CryptographicAlgorithmHMACSHA384 CryptographicAlgorithm = 0x0000000A CryptographicAlgorithmHMACSHA512 CryptographicAlgorithm = 0x0000000B CryptographicAlgorithmHMACMD5 CryptographicAlgorithm = 0x0000000C CryptographicAlgorithmDH CryptographicAlgorithm = 0x0000000D CryptographicAlgorithmECDH CryptographicAlgorithm = 0x0000000E CryptographicAlgorithmECMQV CryptographicAlgorithm = 0x0000000F CryptographicAlgorithmBlowfish CryptographicAlgorithm = 0x00000010 CryptographicAlgorithmCamellia CryptographicAlgorithm = 0x00000011 CryptographicAlgorithmCAST5 CryptographicAlgorithm = 0x00000012 CryptographicAlgorithmIDEA CryptographicAlgorithm = 0x00000013 CryptographicAlgorithmMARS CryptographicAlgorithm = 0x00000014 CryptographicAlgorithmRC2 CryptographicAlgorithm = 0x00000015 CryptographicAlgorithmRC4 CryptographicAlgorithm = 0x00000016 CryptographicAlgorithmRC5 CryptographicAlgorithm = 0x00000017 CryptographicAlgorithmSKIPJACK CryptographicAlgorithm = 0x00000018 CryptographicAlgorithmTwofish CryptographicAlgorithm = 0x00000019 // KMIP 1.2. CryptographicAlgorithmEC CryptographicAlgorithm = 0x0000001A // KMIP 1.3. CryptographicAlgorithmOneTimePad CryptographicAlgorithm = 0x0000001B // KMIP 1.4. CryptographicAlgorithmChaCha20 CryptographicAlgorithm = 0x0000001C CryptographicAlgorithmPoly1305 CryptographicAlgorithm = 0x0000001D CryptographicAlgorithmChaCha20Poly1305 CryptographicAlgorithm = 0x0000001E CryptographicAlgorithmSHA3_224 CryptographicAlgorithm = 0x0000001F CryptographicAlgorithmSHA3_256 CryptographicAlgorithm = 0x00000020 CryptographicAlgorithmSHA3_384 CryptographicAlgorithm = 0x00000021 CryptographicAlgorithmSHA3_512 CryptographicAlgorithm = 0x00000022 CryptographicAlgorithmHMAC_SHA3_224 CryptographicAlgorithm = 0x00000023 CryptographicAlgorithmHMAC_SHA3_256 CryptographicAlgorithm = 0x00000024 CryptographicAlgorithmHMAC_SHA3_384 CryptographicAlgorithm = 0x00000025 CryptographicAlgorithmHMAC_SHA3_512 CryptographicAlgorithm = 0x00000026 CryptographicAlgorithmSHAKE_128 CryptographicAlgorithm = 0x00000027 CryptographicAlgorithmSHAKE_256 CryptographicAlgorithm = 0x00000028 )
func (CryptographicAlgorithm) MarshalText ΒΆ added in v0.2.2
func (enum CryptographicAlgorithm) MarshalText() ([]byte, error)
type CryptographicDomainParameters ΒΆ
type CryptographicDomainParameters struct {
Qlength int32 `ttlv:",omitempty"`
RecommendedCurve RecommendedCurve `ttlv:",omitempty"`
}
type CryptographicParameters ΒΆ
type CryptographicParameters struct {
BlockCipherMode BlockCipherMode `ttlv:",omitempty"`
PaddingMethod PaddingMethod `ttlv:",omitempty"`
HashingAlgorithm HashingAlgorithm `ttlv:",omitempty"`
KeyRoleType KeyRoleType `ttlv:",omitempty"`
DigitalSignatureAlgorithm DigitalSignatureAlgorithm `ttlv:",omitempty,version=v1.2.."`
CryptographicAlgorithm CryptographicAlgorithm `ttlv:",omitempty,version=v1.2.."`
RandomIV *bool `ttlv:",version=v1.2.."`
IVLength int32 `ttlv:",omitempty,version=v1.2.."`
TagLength int32 `ttlv:",omitempty,version=v1.2.."`
FixedFieldLength int32 `ttlv:",omitempty,version=v1.2.."`
InvocationFieldLength int32 `ttlv:",omitempty,version=v1.2.."`
CounterLength int32 `ttlv:",omitempty,version=v1.2.."`
InitialCounterValue *int32 `ttlv:",version=v1.2.."`
SaltLength *int32 `ttlv:",version=v1.4.."`
MaskGenerator MaskGenerator `ttlv:",omitempty,version=v1.4.."`
MaskGeneratorHashingAlgorithm HashingAlgorithm `ttlv:",omitempty,version=v1.4.."`
PSource []byte `ttlv:",omitempty,version=v1.4.."`
TrailerField *int32 `ttlv:",version=v1.4.."`
}
type CryptographicUsageMask ΒΆ
type CryptographicUsageMask int32
CryptographicUsageMask represents a set of bitmask flags indicating the permitted cryptographic operations that can be performed with a cryptographic object, such as encrypt, decrypt, sign, or verify. Each bit in the mask corresponds to a specific usage permission as defined by the KMIP specification. This type is used to restrict or allow certain cryptographic operations on keys and other objects.
const ( // CryptographicUsageSign allows the object to be used for signing operations. CryptographicUsageSign CryptographicUsageMask = 1 << iota // CryptographicUsageVerify allows the object to be used for signature verification. CryptographicUsageVerify // CryptographicUsageEncrypt allows the object to be used for encryption. CryptographicUsageEncrypt // CryptographicUsageDecrypt allows the object to be used for decryption. CryptographicUsageDecrypt // CryptographicUsageWrapKey allows the object to be used for key wrapping. CryptographicUsageWrapKey // CryptographicUsageUnwrapKey allows the object to be used for key unwrapping. CryptographicUsageUnwrapKey // CryptographicUsageExport allows the object to be exported. CryptographicUsageExport // CryptographicUsageMACGenerate allows the object to be used for MAC generation. CryptographicUsageMACGenerate // CryptographicUsageMACVerify allows the object to be used for verifying MAC. CryptographicUsageMACVerify // CryptographicUsageDeriveKey allows the object to be used for key derivation. CryptographicUsageDeriveKey // CryptographicUsageContentCommitment allows the object to be used for content commitment (non-repudiation). CryptographicUsageContentCommitment // CryptographicUsageKeyAgreement allows the object to be used for key agreement. CryptographicUsageKeyAgreement // CryptographicUsageCertificateSign allows the object to be used for certificate signing. CryptographicUsageCertificateSign // CryptographicUsageCRLSign allows the object to be used for CRL signing. CryptographicUsageCRLSign // CryptographicUsageGenerateCryptogram allows the object to be used for cryptogram generation. CryptographicUsageGenerateCryptogram // CryptographicUsageValidateCryptogram allows the object to be used for cryptogram validation. CryptographicUsageValidateCryptogram // CryptographicUsageTranslateEncrypt allows the object to be used for translation encryption. CryptographicUsageTranslateEncrypt // CryptographicUsageTranslateDecrypt allows the object to be used for translation decryption. CryptographicUsageTranslateDecrypt // CryptographicUsageTranslateWrap allows the object to be used for translation wrapping. CryptographicUsageTranslateWrap // CryptographicUsageTranslateUnwrap allows the object to be used for translation unwrapping. CryptographicUsageTranslateUnwrap )
func (CryptographicUsageMask) MarshalText ΒΆ added in v0.2.2
func (mask CryptographicUsageMask) MarshalText() ([]byte, error)
MarshalText returns a human-readable string representation of the CryptographicUsageMask. The string is a bitwise OR ("|") separated list of enabled usage flags. This method never returns an error.
type DRBGAlgorithm ΒΆ
type DRBGAlgorithm uint32
const ( DRBGAlgorithmUnspecified DRBGAlgorithm = 0x00000001 DRBGAlgorithmDual_EC DRBGAlgorithm = 0x00000002 DRBGAlgorithmHash DRBGAlgorithm = 0x00000003 DRBGAlgorithmHMAC DRBGAlgorithm = 0x00000004 DRBGAlgorithmCTR DRBGAlgorithm = 0x00000005 )
func (DRBGAlgorithm) MarshalText ΒΆ added in v0.2.2
func (enum DRBGAlgorithm) MarshalText() ([]byte, error)
type DestroyAction ΒΆ
type DestroyAction uint32
const ( DestroyActionUnspecified DestroyAction = 0x00000001 DestroyActionKeyMaterialDeleted DestroyAction = 0x00000002 DestroyActionKeyMaterialShredded DestroyAction = 0x00000003 DestroyActionMetaDataDeleted DestroyAction = 0x00000004 DestroyActionMetaDataShredded DestroyAction = 0x00000005 DestroyActionDeleted DestroyAction = 0x00000006 DestroyActionShredded DestroyAction = 0x00000007 )
func (DestroyAction) MarshalText ΒΆ added in v0.2.2
func (enum DestroyAction) MarshalText() ([]byte, error)
type Digest ΒΆ
type Digest struct {
HashingAlgorithm HashingAlgorithm
DigestValue []byte
KeyFormatType KeyFormatType `ttlv:",omitempty,version=1.1.."`
}
type DigitalSignatureAlgorithm ΒΆ
type DigitalSignatureAlgorithm uint32
const ( DigitalSignatureAlgorithmMD2WithRSAEncryption DigitalSignatureAlgorithm = 0x00000001 DigitalSignatureAlgorithmMD5WithRSAEncryption DigitalSignatureAlgorithm = 0x00000002 DigitalSignatureAlgorithmSHA_1WithRSAEncryption DigitalSignatureAlgorithm = 0x00000003 DigitalSignatureAlgorithmSHA_224WithRSAEncryption DigitalSignatureAlgorithm = 0x00000004 DigitalSignatureAlgorithmSHA_256WithRSAEncryption DigitalSignatureAlgorithm = 0x00000005 DigitalSignatureAlgorithmSHA_384WithRSAEncryption DigitalSignatureAlgorithm = 0x00000006 DigitalSignatureAlgorithmSHA_512WithRSAEncryption DigitalSignatureAlgorithm = 0x00000007 DigitalSignatureAlgorithmRSASSA_PSS DigitalSignatureAlgorithm = 0x00000008 DigitalSignatureAlgorithmDSAWithSHA_1 DigitalSignatureAlgorithm = 0x00000009 DigitalSignatureAlgorithmDSAWithSHA224 DigitalSignatureAlgorithm = 0x0000000A DigitalSignatureAlgorithmDSAWithSHA256 DigitalSignatureAlgorithm = 0x0000000B DigitalSignatureAlgorithmECDSAWithSHA_1 DigitalSignatureAlgorithm = 0x0000000C DigitalSignatureAlgorithmECDSAWithSHA224 DigitalSignatureAlgorithm = 0x0000000D DigitalSignatureAlgorithmECDSAWithSHA256 DigitalSignatureAlgorithm = 0x0000000E DigitalSignatureAlgorithmECDSAWithSHA384 DigitalSignatureAlgorithm = 0x0000000F DigitalSignatureAlgorithmECDSAWithSHA512 DigitalSignatureAlgorithm = 0x00000010 // KMIP 1.4. DigitalSignatureAlgorithmSHA3_256WithRSAEncryption DigitalSignatureAlgorithm = 0x00000011 DigitalSignatureAlgorithmSHA3_384WithRSAEncryption DigitalSignatureAlgorithm = 0x00000012 DigitalSignatureAlgorithmSHA3_512WithRSAEncryption DigitalSignatureAlgorithm = 0x00000013 )
func (DigitalSignatureAlgorithm) MarshalText ΒΆ added in v0.2.2
func (enum DigitalSignatureAlgorithm) MarshalText() ([]byte, error)
type EncodingOption ΒΆ
type EncodingOption uint32
const ( EncodingOptionNoEncoding EncodingOption = 0x00000001 EncodingOptionTTLVEncoding EncodingOption = 0x00000002 )
func (EncodingOption) MarshalText ΒΆ added in v0.2.2
func (enum EncodingOption) MarshalText() ([]byte, error)
type EncryptionKeyInformation ΒΆ
type EncryptionKeyInformation struct {
UniqueIdentifier string
CryptographicParameters *CryptographicParameters
}
type ExtensionInformation ΒΆ
type FIPS186Variation ΒΆ
type FIPS186Variation uint32
const ( FIPS186VariationUnspecified FIPS186Variation = 0x00000001 FIPS186VariationGPXOriginal FIPS186Variation = 0x00000002 FIPS186VariationGPXChangeNotice FIPS186Variation = 0x00000003 FIPS186VariationXOriginal FIPS186Variation = 0x00000004 FIPS186VariationXChangeNotice FIPS186Variation = 0x00000005 FIPS186VariationKOriginal FIPS186Variation = 0x00000006 FIPS186VariationKChangeNotice FIPS186Variation = 0x00000007 )
func (FIPS186Variation) MarshalText ΒΆ added in v0.2.2
func (enum FIPS186Variation) MarshalText() ([]byte, error)
type HashingAlgorithm ΒΆ
type HashingAlgorithm uint32
const ( HashingAlgorithmMD2 HashingAlgorithm = 0x00000001 HashingAlgorithmMD4 HashingAlgorithm = 0x00000002 HashingAlgorithmMD5 HashingAlgorithm = 0x00000003 HashingAlgorithmSHA_1 HashingAlgorithm = 0x00000004 HashingAlgorithmSHA_224 HashingAlgorithm = 0x00000005 HashingAlgorithmSHA_256 HashingAlgorithm = 0x00000006 HashingAlgorithmSHA_384 HashingAlgorithm = 0x00000007 HashingAlgorithmSHA_512 HashingAlgorithm = 0x00000008 HashingAlgorithmRIPEMD_160 HashingAlgorithm = 0x00000009 HashingAlgorithmTiger HashingAlgorithm = 0x0000000A HashingAlgorithmWhirlpool HashingAlgorithm = 0x0000000B // KMIP 1.2. HashingAlgorithmSHA_512_224 HashingAlgorithm = 0x0000000C HashingAlgorithmSHA_512_256 HashingAlgorithm = 0x0000000D // KMIP 1.4. HashingAlgorithmSHA_3_224 HashingAlgorithm = 0x0000000E HashingAlgorithmSHA_3_256 HashingAlgorithm = 0x0000000F HashingAlgorithmSHA_3_384 HashingAlgorithm = 0x00000010 HashingAlgorithmSHA_3_512 HashingAlgorithm = 0x00000011 )
func (HashingAlgorithm) MarshalText ΒΆ added in v0.2.2
func (enum HashingAlgorithm) MarshalText() ([]byte, error)
type KeyBlock ΒΆ
type KeyBlock struct {
KeyFormatType KeyFormatType
KeyCompressionType KeyCompressionType `ttlv:",omitempty"`
KeyValue *KeyValue
CryptographicAlgorithm CryptographicAlgorithm `ttlv:",omitempty"`
CryptographicLength int32 `ttlv:",omitempty"`
KeyWrappingData *KeyWrappingData
}
func (*KeyBlock) GetAttributes ΒΆ
func (*KeyBlock) GetMaterial ΒΆ
func (kb *KeyBlock) GetMaterial() (KeyMaterial, error)
type KeyCompressionType ΒΆ
type KeyCompressionType uint32
const ( KeyCompressionTypeECPublicKeyTypeUncompressed KeyCompressionType = 0x00000001 KeyCompressionTypeECPublicKeyTypeX9_62CompressedPrime KeyCompressionType = 0x00000002 KeyCompressionTypeECPublicKeyTypeX9_62CompressedChar2 KeyCompressionType = 0x00000003 KeyCompressionTypeECPublicKeyTypeX9_62Hybrid KeyCompressionType = 0x00000004 )
func (KeyCompressionType) MarshalText ΒΆ added in v0.2.2
func (enum KeyCompressionType) MarshalText() ([]byte, error)
type KeyFormatType ΒΆ
type KeyFormatType uint32
const ( KeyFormatTypeRaw KeyFormatType = 0x00000001 KeyFormatTypeOpaque KeyFormatType = 0x00000002 KeyFormatTypePKCS_1 KeyFormatType = 0x00000003 KeyFormatTypePKCS_8 KeyFormatType = 0x00000004 KeyFormatTypeX_509 KeyFormatType = 0x00000005 KeyFormatTypeECPrivateKey KeyFormatType = 0x00000006 KeyFormatTypeTransparentSymmetricKey KeyFormatType = 0x00000007 KeyFormatTypeTransparentDSAPrivateKey KeyFormatType = 0x00000008 KeyFormatTypeTransparentDSAPublicKey KeyFormatType = 0x00000009 KeyFormatTypeTransparentRSAPrivateKey KeyFormatType = 0x0000000A KeyFormatTypeTransparentRSAPublicKey KeyFormatType = 0x0000000B KeyFormatTypeTransparentDHPrivateKey KeyFormatType = 0x0000000C KeyFormatTypeTransparentDHPublicKey KeyFormatType = 0x0000000D // Deprecated: deprecated as of kmip 1.3. KeyFormatTypeTransparentECDSAPrivateKey KeyFormatType = 0x0000000E // Deprecated: deprecated as of kmip 1.3. KeyFormatTypeTransparentECDSAPublicKey KeyFormatType = 0x0000000F // Deprecated: deprecated as of kmip 1.3. KeyFormatTypeTransparentECDHPrivateKey KeyFormatType = 0x00000010 // Deprecated: deprecated as of kmip 1.3. KeyFormatTypeTransparentECDHPublicKey KeyFormatType = 0x00000011 // Deprecated: deprecated as of kmip 1.3. KeyFormatTypeTransparentECMQVPrivateKey KeyFormatType = 0x00000012 // Deprecated: deprecated as of kmip 1.3. KeyFormatTypeTransparentECMQVPublicKey KeyFormatType = 0x00000013 // KMIP 1.3. KeyFormatTypeTransparentECPrivateKey KeyFormatType = 0x00000014 KeyFormatTypeTransparentECPublicKey KeyFormatType = 0x00000015 // KMIP 1.4. KeyFormatTypePKCS_12 KeyFormatType = 0x00000016 )
func (KeyFormatType) MarshalText ΒΆ added in v0.2.2
func (enum KeyFormatType) MarshalText() ([]byte, error)
type KeyMaterial ΒΆ
type KeyMaterial struct {
Bytes *[]byte
TransparentSymmetricKey *TransparentSymmetricKey
TransparentRSAPrivateKey *TransparentRSAPrivateKey
TransparentRSAPublicKey *TransparentRSAPublicKey
TransparentECDSAPrivateKey *TransparentECDSAPrivateKey
TransparentECDSAPublicKey *TransparentECDSAPublicKey
TransparentECPrivateKey *TransparentECPrivateKey
TransparentECPublicKey *TransparentECPublicKey
}
func (*KeyMaterial) TagEncodeTTLV ΒΆ
func (km *KeyMaterial) TagEncodeTTLV(e *ttlv.Encoder, tag int)
type KeyRoleType ΒΆ
type KeyRoleType uint32
const ( KeyRoleTypeBDK KeyRoleType = 0x00000001 KeyRoleTypeCVK KeyRoleType = 0x00000002 KeyRoleTypeDEK KeyRoleType = 0x00000003 KeyRoleTypeMKAC KeyRoleType = 0x00000004 KeyRoleTypeMKSMC KeyRoleType = 0x00000005 KeyRoleTypeMKSMI KeyRoleType = 0x00000006 KeyRoleTypeMKDAC KeyRoleType = 0x00000007 KeyRoleTypeMKDN KeyRoleType = 0x00000008 KeyRoleTypeMKCP KeyRoleType = 0x00000009 KeyRoleTypeMKOTH KeyRoleType = 0x0000000A KeyRoleTypeKEK KeyRoleType = 0x0000000B KeyRoleTypeMAC16609 KeyRoleType = 0x0000000C KeyRoleTypeMAC97971 KeyRoleType = 0x0000000D KeyRoleTypeMAC97972 KeyRoleType = 0x0000000E KeyRoleTypeMAC97973 KeyRoleType = 0x0000000F KeyRoleTypeMAC97974 KeyRoleType = 0x00000010 KeyRoleTypeMAC97975 KeyRoleType = 0x00000011 KeyRoleTypeZPK KeyRoleType = 0x00000012 KeyRoleTypePVKIBM KeyRoleType = 0x00000013 KeyRoleTypePVKPVV KeyRoleType = 0x00000014 KeyRoleTypePVKOTH KeyRoleType = 0x00000015 // KMIP 1.4. KeyRoleTypeDUKPT KeyRoleType = 0x00000016 KeyRoleTypeIV KeyRoleType = 0x00000017 KeyRoleTypeTRKBK KeyRoleType = 0x00000018 )
func (KeyRoleType) MarshalText ΒΆ added in v0.2.2
func (enum KeyRoleType) MarshalText() ([]byte, error)
type KeyValue ΒΆ
type KeyValue struct {
Wrapped *[]byte
Plain *PlainKeyValue
}
type KeyValueLocation ΒΆ
type KeyValueLocation struct {
KeyValueLocationValue string `ttlv:",omitempty"`
KeyValueLocationType KeyValueLocationType `ttlv:",omitempty"`
}
type KeyValueLocationType ΒΆ
type KeyValueLocationType uint32
const ( KeyValueLocationTypeUninterpretedTextString KeyValueLocationType = 0x00000001 KeyValueLocationTypeURI KeyValueLocationType = 0x00000002 )
func (KeyValueLocationType) MarshalText ΒΆ added in v0.2.2
func (enum KeyValueLocationType) MarshalText() ([]byte, error)
type KeyWrappingData ΒΆ
type KeyWrappingData struct {
WrappingMethod WrappingMethod
EncryptionKeyInformation *EncryptionKeyInformation
MACSignatureKeyInformation *MACSignatureKeyInformation
MACSignature []byte `ttlv:",omitempty"`
IVCounterNonce []byte `ttlv:",omitempty"`
EncodingOption EncodingOption `ttlv:",omitempty,version=v1.1.."`
}
type KeyWrappingSpecification ΒΆ
type KeyWrappingSpecification struct {
WrappingMethod WrappingMethod
EncryptionKeyInformation *EncryptionKeyInformation
MACSignatureKeyInformation *MACSignatureKeyInformation
AttributeName []AttributeName
EncodingOption EncodingOption `ttlv:",omitempty,version=v1.1.."`
}
type LinkType ΒΆ
type LinkType uint32
const ( LinkTypeCertificateLink LinkType = 0x00000101 LinkTypePublicKeyLink LinkType = 0x00000102 LinkTypePrivateKeyLink LinkType = 0x00000103 LinkTypeDerivationBaseObjectLink LinkType = 0x00000104 LinkTypeDerivedKeyLink LinkType = 0x00000105 LinkTypeReplacementObjectLink LinkType = 0x00000106 LinkTypeReplacedObjectLink LinkType = 0x00000107 // KMIP 1.2. LinkTypeParentLink LinkType = 0x00000108 LinkTypeChildLink LinkType = 0x00000109 LinkTypePreviousLink LinkType = 0x0000010A LinkTypeNextLink LinkType = 0x0000010B // KMPI 1.4. LinkTypePKCS_12CertificateLink LinkType = 0x0000010C LinkTypePKCS_12PasswordLink LinkType = 0x0000010D //FIXME: This is defined in KMIP 2.0+ only. LinkTypeWrappingKeyLink LinkType = 0x0000010E )
func (LinkType) MarshalText ΒΆ added in v0.2.2
type MACSignatureKeyInformation ΒΆ
type MACSignatureKeyInformation struct {
UniqueIdentifier string
CryptographicParameters *CryptographicParameters
}
type MaskGenerator ΒΆ
type MaskGenerator uint32
const (
MaskGeneratorMGF1 MaskGenerator = 0x00000001
)
func (MaskGenerator) MarshalText ΒΆ added in v0.2.2
func (enum MaskGenerator) MarshalText() ([]byte, error)
type MessageExtension ΒΆ
type Object ΒΆ
type Object interface {
ObjectType() ObjectType
}
func NewObjectForType ΒΆ
func NewObjectForType(objType ObjectType) (Object, error)
TODO: Make it private.
type ObjectGroupMember ΒΆ
type ObjectGroupMember uint32
const ( ObjectGroupMemberFresh ObjectGroupMember = 0x00000001 ObjectGroupMemberDefault ObjectGroupMember = 0x00000002 )
func (ObjectGroupMember) MarshalText ΒΆ added in v0.2.2
func (enum ObjectGroupMember) MarshalText() ([]byte, error)
type ObjectType ΒΆ
type ObjectType uint32
const ( ObjectTypeCertificate ObjectType = 0x00000001 ObjectTypeSymmetricKey ObjectType = 0x00000002 ObjectTypePublicKey ObjectType = 0x00000003 ObjectTypePrivateKey ObjectType = 0x00000004 ObjectTypeSplitKey ObjectType = 0x00000005 // Deprecated: deprecated as of kmip 1.3. ObjectTypeTemplate ObjectType = 0x00000006 ObjectTypeSecretData ObjectType = 0x00000007 ObjectTypeOpaqueObject ObjectType = 0x00000008 // KMIP 1.2. ObjectTypePGPKey ObjectType = 0x00000009 )
func (ObjectType) MarshalText ΒΆ added in v0.2.2
func (enum ObjectType) MarshalText() ([]byte, error)
type OpaqueDataType ΒΆ
type OpaqueDataType uint32
func (OpaqueDataType) MarshalText ΒΆ added in v0.2.2
func (enum OpaqueDataType) MarshalText() ([]byte, error)
type OpaqueObject ΒΆ
type OpaqueObject struct {
OpaqueDataType OpaqueDataType
OpaqueDataValue []byte
}
func (*OpaqueObject) ObjectType ΒΆ
func (sd *OpaqueObject) ObjectType() ObjectType
type Operation ΒΆ
type Operation uint32
const ( OperationCreate Operation = 0x00000001 OperationCreateKeyPair Operation = 0x00000002 OperationRegister Operation = 0x00000003 OperationReKey Operation = 0x00000004 OperationDeriveKey Operation = 0x00000005 OperationCertify Operation = 0x00000006 OperationReCertify Operation = 0x00000007 OperationLocate Operation = 0x00000008 OperationCheck Operation = 0x00000009 OperationGet Operation = 0x0000000A OperationGetAttributes Operation = 0x0000000B OperationGetAttributeList Operation = 0x0000000C OperationAddAttribute Operation = 0x0000000D OperationModifyAttribute Operation = 0x0000000E OperationDeleteAttribute Operation = 0x0000000F OperationObtainLease Operation = 0x00000010 OperationGetUsageAllocation Operation = 0x00000011 OperationActivate Operation = 0x00000012 OperationRevoke Operation = 0x00000013 OperationDestroy Operation = 0x00000014 OperationArchive Operation = 0x00000015 OperationRecover Operation = 0x00000016 OperationValidate Operation = 0x00000017 OperationQuery Operation = 0x00000018 OperationCancel Operation = 0x00000019 OperationPoll Operation = 0x0000001A OperationNotify Operation = 0x0000001B OperationPut Operation = 0x0000001C // KMIP 1.1. OperationReKeyKeyPair Operation = 0x0000001D OperationDiscoverVersions Operation = 0x0000001E // KMIP 1.2. OperationEncrypt Operation = 0x0000001F OperationDecrypt Operation = 0x00000020 OperationSign Operation = 0x00000021 OperationSignatureVerify Operation = 0x00000022 OperationMAC Operation = 0x00000023 OperationMACVerify Operation = 0x00000024 OperationRNGRetrieve Operation = 0x00000025 OperationRNGSeed Operation = 0x00000026 OperationHash Operation = 0x00000027 OperationCreateSplitKey Operation = 0x00000028 OperationJoinSplitKey Operation = 0x00000029 // KMIP 1.4. OperationImport Operation = 0x0000002A OperationExport Operation = 0x0000002B )
func (Operation) MarshalText ΒΆ added in v0.2.2
type OperationPayload ΒΆ
type OperationPayload interface {
Operation() Operation
}
type PGPKey ΒΆ
func (*PGPKey) ObjectType ΒΆ
func (sd *PGPKey) ObjectType() ObjectType
type PaddingMethod ΒΆ
type PaddingMethod uint32
const ( PaddingMethodNone PaddingMethod = 0x00000001 PaddingMethodOAEP PaddingMethod = 0x00000002 PaddingMethodPKCS5 PaddingMethod = 0x00000003 PaddingMethodSSL3 PaddingMethod = 0x00000004 PaddingMethodZeros PaddingMethod = 0x00000005 PaddingMethodANSIX9_23 PaddingMethod = 0x00000006 PaddingMethodISO10126 PaddingMethod = 0x00000007 PaddingMethodPKCS1V1_5 PaddingMethod = 0x00000008 PaddingMethodX9_31 PaddingMethod = 0x00000009 PaddingMethodPSS PaddingMethod = 0x0000000A )
func (PaddingMethod) MarshalText ΒΆ added in v0.2.2
func (enum PaddingMethod) MarshalText() ([]byte, error)
type PlainKeyValue ΒΆ
type PlainKeyValue struct {
KeyMaterial KeyMaterial
Attribute []Attribute
}
type PrivateKey ΒΆ
type PrivateKey struct {
KeyBlock KeyBlock
}
func (*PrivateKey) CryptoPrivateKey ΒΆ added in v0.2.0
func (key *PrivateKey) CryptoPrivateKey() (crypto.PrivateKey, error)
CryptoPrivateKey parses and return the private key object into a go crypto.PrivateKey object.
func (*PrivateKey) ECDSA ΒΆ
func (key *PrivateKey) ECDSA() (*ecdsa.PrivateKey, error)
ECDSA returns the ECDSA private key represented by the PrivateKey object. It supports multiple key format types, including ECPrivateKey, PKCS#8, and transparent ECDSA/EC private key formats. The method parses the underlying key material and constructs an *ecdsa.PrivateKey. If the key format or curve is unsupported, or if the key material is invalid, an error is returned.
func (*PrivateKey) ObjectType ΒΆ
func (sd *PrivateKey) ObjectType() ObjectType
func (*PrivateKey) Pkcs8Pem ΒΆ added in v0.2.0
func (key *PrivateKey) Pkcs8Pem() (string, error)
Pkcs8Pem format the private key into the PEM encoding of its PKCS #8, ASN.1 DER form.
func (*PrivateKey) RSA ΒΆ
func (key *PrivateKey) RSA() (*rsa.PrivateKey, error)
RSA returns the RSA private key represented by the PrivateKey object. It supports multiple key format types, including PKCS#1, PKCS#8, and Transparent RSA Private Key. The method parses the key material according to the format and returns a *rsa.PrivateKey. If the key format is unsupported or the key material is invalid, an error is returned.
type ProfileInformation ΒΆ
type ProfileInformation struct {
ProfileName ProfileName
ServerURI string `ttlv:",omitempty"`
ServerPort int32 `ttlv:",omitempty"`
}
type ProfileName ΒΆ
type ProfileName uint32
const ( ProfileNameBaselineServerBasicKMIPV1_2 ProfileName = 0x00000001 ProfileNameBaselineServerTLSV1_2KMIPV1_2 ProfileName = 0x00000002 ProfileNameBaselineClientBasicKMIPV1_2 ProfileName = 0x00000003 ProfileNameBaselineClientTLSV1_2KMIPV1_2 ProfileName = 0x00000004 ProfileNameCompleteServerBasicKMIPV1_2 ProfileName = 0x00000005 ProfileNameCompleteServerTLSV1_2KMIPV1_2 ProfileName = 0x00000006 ProfileNameTapeLibraryClientKMIPV1_0 ProfileName = 0x00000007 ProfileNameTapeLibraryClientKMIPV1_1 ProfileName = 0x00000008 ProfileNameTapeLibraryClientKMIPV1_2 ProfileName = 0x00000009 ProfileNameTapeLibraryServerKMIPV1_0 ProfileName = 0x0000000A ProfileNameTapeLibraryServerKMIPV1_1 ProfileName = 0x0000000B ProfileNameTapeLibraryServerKMIPV1_2 ProfileName = 0x0000000C ProfileNameSymmetricKeyLifecycleClientKMIPV1_0 ProfileName = 0x0000000D ProfileNameSymmetricKeyLifecycleClientKMIPV1_1 ProfileName = 0x0000000E ProfileNameSymmetricKeyLifecycleClientKMIPV1_2 ProfileName = 0x0000000F ProfileNameSymmetricKeyLifecycleServerKMIPV1_0 ProfileName = 0x00000010 ProfileNameSymmetricKeyLifecycleServerKMIPV1_1 ProfileName = 0x00000011 ProfileNameSymmetricKeyLifecycleServerKMIPV1_2 ProfileName = 0x00000012 ProfileNameAsymmetricKeyLifecycleClientKMIPV1_0 ProfileName = 0x00000013 ProfileNameAsymmetricKeyLifecycleClientKMIPV1_1 ProfileName = 0x00000014 ProfileNameAsymmetricKeyLifecycleClientKMIPV1_2 ProfileName = 0x00000015 ProfileNameAsymmetricKeyLifecycleServerKMIPV1_0 ProfileName = 0x00000016 ProfileNameAsymmetricKeyLifecycleServerKMIPV1_1 ProfileName = 0x00000017 ProfileNameAsymmetricKeyLifecycleServerKMIPV1_2 ProfileName = 0x00000018 ProfileNameBasicCryptographicClientKMIPV1_2 ProfileName = 0x00000019 ProfileNameBasicCryptographicServerKMIPV1_2 ProfileName = 0x0000001A ProfileNameAdvancedCryptographicClientKMIPV1_2 ProfileName = 0x0000001B ProfileNameAdvancedCryptographicServerKMIPV1_2 ProfileName = 0x0000001C ProfileNameRNGCryptographicClientKMIPV1_2 ProfileName = 0x0000001D ProfileNameRNGCryptographicServerKMIPV1_2 ProfileName = 0x0000001E ProfileNameBasicSymmetricKeyFoundryClientKMIPV1_0 ProfileName = 0x0000001F ProfileNameIntermediateSymmetricKeyFoundryClientKMIPV1_0 ProfileName = 0x00000020 ProfileNameAdvancedSymmetricKeyFoundryClientKMIPV1_0 ProfileName = 0x00000021 ProfileNameBasicSymmetricKeyFoundryClientKMIPV1_1 ProfileName = 0x00000022 ProfileNameIntermediateSymmetricKeyFoundryClientKMIPV1_1 ProfileName = 0x00000023 ProfileNameAdvancedSymmetricKeyFoundryClientKMIPV1_1 ProfileName = 0x00000024 ProfileNameBasicSymmetricKeyFoundryClientKMIPV1_2 ProfileName = 0x00000025 ProfileNameIntermediateSymmetricKeyFoundryClientKMIPV1_2 ProfileName = 0x00000026 ProfileNameAdvancedSymmetricKeyFoundryClientKMIPV1_2 ProfileName = 0x00000027 ProfileNameSymmetricKeyFoundryServerKMIPV1_0 ProfileName = 0x00000028 ProfileNameSymmetricKeyFoundryServerKMIPV1_1 ProfileName = 0x00000029 ProfileNameSymmetricKeyFoundryServerKMIPV1_2 ProfileName = 0x0000002A ProfileNameOpaqueManagedObjectStoreClientKMIPV1_0 ProfileName = 0x0000002B ProfileNameOpaqueManagedObjectStoreClientKMIPV1_1 ProfileName = 0x0000002C ProfileNameOpaqueManagedObjectStoreClientKMIPV1_2 ProfileName = 0x0000002D ProfileNameOpaqueManagedObjectStoreServerKMIPV1_0 ProfileName = 0x0000002E ProfileNameOpaqueManagedObjectStoreServerKMIPV1_1 ProfileName = 0x0000002F ProfileNameOpaqueManagedObjectStoreServerKMIPV1_2 ProfileName = 0x00000030 ProfileNameSuiteBMinLOS_128ClientKMIPV1_0 ProfileName = 0x00000031 ProfileNameSuiteBMinLOS_128ClientKMIPV1_1 ProfileName = 0x00000032 ProfileNameSuiteBMinLOS_128ClientKMIPV1_2 ProfileName = 0x00000033 ProfileNameSuiteBMinLOS_128ServerKMIPV1_0 ProfileName = 0x00000034 ProfileNameSuiteBMinLOS_128ServerKMIPV1_1 ProfileName = 0x00000035 ProfileNameSuiteBMinLOS_128ServerKMIPV1_2 ProfileName = 0x00000036 ProfileNameSuiteBMinLOS_192ClientKMIPV1_0 ProfileName = 0x00000037 ProfileNameSuiteBMinLOS_192ClientKMIPV1_1 ProfileName = 0x00000038 ProfileNameSuiteBMinLOS_192ClientKMIPV1_2 ProfileName = 0x00000039 ProfileNameSuiteBMinLOS_192ServerKMIPV1_0 ProfileName = 0x0000003A ProfileNameSuiteBMinLOS_192ServerKMIPV1_1 ProfileName = 0x0000003B ProfileNameSuiteBMinLOS_192ServerKMIPV1_2 ProfileName = 0x0000003C ProfileNameStorageArrayWithSelfEncryptingDriveClientKMIPV1_0 ProfileName = 0x0000003D ProfileNameStorageArrayWithSelfEncryptingDriveClientKMIPV1_1 ProfileName = 0x0000003E ProfileNameStorageArrayWithSelfEncryptingDriveClientKMIPV1_2 ProfileName = 0x0000003F ProfileNameStorageArrayWithSelfEncryptingDriveServerKMIPV1_0 ProfileName = 0x00000040 ProfileNameStorageArrayWithSelfEncryptingDriveServerKMIPV1_1 ProfileName = 0x00000041 ProfileNameStorageArrayWithSelfEncryptingDriveServerKMIPV1_2 ProfileName = 0x00000042 ProfileNameHTTPSClientKMIPV1_0 ProfileName = 0x00000043 ProfileNameHTTPSClientKMIPV1_1 ProfileName = 0x00000044 ProfileNameHTTPSClientKMIPV1_2 ProfileName = 0x00000045 ProfileNameHTTPSServerKMIPV1_0 ProfileName = 0x00000046 ProfileNameHTTPSServerKMIPV1_1 ProfileName = 0x00000047 ProfileNameHTTPSServerKMIPV1_2 ProfileName = 0x00000048 ProfileNameJSONClientKMIPV1_0 ProfileName = 0x00000049 ProfileNameJSONClientKMIPV1_1 ProfileName = 0x0000004A ProfileNameJSONClientKMIPV1_2 ProfileName = 0x0000004B ProfileNameJSONServerKMIPV1_0 ProfileName = 0x0000004C ProfileNameJSONServerKMIPV1_1 ProfileName = 0x0000004D ProfileNameJSONServerKMIPV1_2 ProfileName = 0x0000004E ProfileNameXMLClientKMIPV1_0 ProfileName = 0x0000004F ProfileNameXMLClientKMIPV1_1 ProfileName = 0x00000050 ProfileNameXMLClientKMIPV1_2 ProfileName = 0x00000051 ProfileNameXMLServerKMIPV1_0 ProfileName = 0x00000052 ProfileNameXMLServerKMIPV1_1 ProfileName = 0x00000053 ProfileNameXMLServerKMIPV1_2 ProfileName = 0x00000054 ProfileNameBaselineServerBasicKMIPV1_3 ProfileName = 0x00000055 ProfileNameBaselineServerTLSV1_2KMIPV1_3 ProfileName = 0x00000056 ProfileNameBaselineClientBasicKMIPV1_3 ProfileName = 0x00000057 ProfileNameBaselineClientTLSV1_2KMIPV1_3 ProfileName = 0x00000058 ProfileNameCompleteServerBasicKMIPV1_3 ProfileName = 0x00000059 ProfileNameCompleteServerTLSV1_2KMIPV1_3 ProfileName = 0x0000005A ProfileNameTapeLibraryClientKMIPV1_3 ProfileName = 0x0000005B ProfileNameTapeLibraryServerKMIPV1_3 ProfileName = 0x0000005C ProfileNameSymmetricKeyLifecycleClientKMIPV1_3 ProfileName = 0x0000005D ProfileNameSymmetricKeyLifecycleServerKMIPV1_3 ProfileName = 0x0000005E ProfileNameAsymmetricKeyLifecycleClientKMIPV1_3 ProfileName = 0x0000005F ProfileNameAsymmetricKeyLifecycleServerKMIPV1_3 ProfileName = 0x00000060 ProfileNameBasicCryptographicClientKMIPV1_3 ProfileName = 0x00000061 ProfileNameBasicCryptographicServerKMIPV1_3 ProfileName = 0x00000062 ProfileNameAdvancedCryptographicClientKMIPV1_3 ProfileName = 0x00000063 ProfileNameAdvancedCryptographicServerKMIPV1_3 ProfileName = 0x00000064 ProfileNameRNGCryptographicClientKMIPV1_3 ProfileName = 0x00000065 ProfileNameRNGCryptographicServerKMIPV1_3 ProfileName = 0x00000066 ProfileNameBasicSymmetricKeyFoundryClientKMIPV1_3 ProfileName = 0x00000067 ProfileNameIntermediateSymmetricKeyFoundryClientKMIPV1_3 ProfileName = 0x00000068 ProfileNameAdvancedSymmetricKeyFoundryClientKMIPV1_3 ProfileName = 0x00000069 ProfileNameSymmetricKeyFoundryServerKMIPV1_3 ProfileName = 0x0000006A ProfileNameOpaqueManagedObjectStoreClientKMIPV1_3 ProfileName = 0x0000006B ProfileNameOpaqueManagedObjectStoreServerKMIPV1_3 ProfileName = 0x0000006C ProfileNameSuiteBMinLOS_128ClientKMIPV1_3 ProfileName = 0x0000006D ProfileNameSuiteBMinLOS_128ServerKMIPV1_3 ProfileName = 0x0000006E ProfileNameSuiteBMinLOS_192ClientKMIPV1_3 ProfileName = 0x0000006F ProfileNameSuiteBMinLOS_192ServerKMIPV1_3 ProfileName = 0x00000070 ProfileNameStorageArrayWithSelfEncryptingDriveClientKMIPV1_3 ProfileName = 0x00000071 ProfileNameStorageArrayWithSelfEncryptingDriveServerKMIPV1_3 ProfileName = 0x00000072 ProfileNameHTTPSClientKMIPV1_3 ProfileName = 0x00000073 ProfileNameHTTPSServerKMIPV1_3 ProfileName = 0x00000074 ProfileNameJSONClientKMIPV1_3 ProfileName = 0x00000075 ProfileNameJSONServerKMIPV1_3 ProfileName = 0x00000076 ProfileNameXMLClientKMIPV1_3 ProfileName = 0x00000077 ProfileNameXMLServerKMIPV1_3 ProfileName = 0x00000078 // KMIP 1.4. ProfileNameBaselineServerBasicKMIPV1_4 ProfileName = 0x00000079 ProfileNameBaselineServerTLSV1_2KMIPV1_4 ProfileName = 0x0000007A ProfileNameBaselineClientBasicKMIPV1_4 ProfileName = 0x0000007B ProfileNameBaselineClientTLSV1_2KMIPV1_4 ProfileName = 0x0000007C ProfileNameCompleteServerBasicKMIPV1_4 ProfileName = 0x0000007D ProfileNameCompleteServerTLSV1_2KMIPV1_4 ProfileName = 0x0000007E ProfileNameTapeLibraryClientKMIPV1_4 ProfileName = 0x0000007F ProfileNameTapeLibraryServerKMIPV1_4 ProfileName = 0x00000080 ProfileNameSymmetricKeyLifecycleClientKMIPV1_4 ProfileName = 0x00000081 ProfileNameSymmetricKeyLifecycleServerKMIPV1_4 ProfileName = 0x00000082 ProfileNameAsymmetricKeyLifecycleClientKMIPV1_4 ProfileName = 0x00000083 ProfileNameAsymmetricKeyLifecycleServerKMIPV1_4 ProfileName = 0x00000084 ProfileNameBasicCryptographicClientKMIPV1_4 ProfileName = 0x00000085 ProfileNameBasicCryptographicServerKMIPV1_4 ProfileName = 0x00000086 ProfileNameAdvancedCryptographicClientKMIPV1_4 ProfileName = 0x00000087 ProfileNameAdvancedCryptographicServerKMIPV1_4 ProfileName = 0x00000088 ProfileNameRNGCryptographicClientKMIPV1_4 ProfileName = 0x00000089 ProfileNameRNGCryptographicServerKMIPV1_4 ProfileName = 0x0000008A ProfileNameBasicSymmetricKeyFoundryClientKMIPV1_4 ProfileName = 0x0000008B ProfileNameIntermediateSymmetricKeyFoundryClientKMIPV1_4 ProfileName = 0x0000008C ProfileNameAdvancedSymmetricKeyFoundryClientKMIPV1_4 ProfileName = 0x0000008D ProfileNameSymmetricKeyFoundryServerKMIPV1_4 ProfileName = 0x0000008E ProfileNameOpaqueManagedObjectStoreClientKMIPV1_4 ProfileName = 0x0000008F ProfileNameOpaqueManagedObjectStoreServerKMIPV1_4 ProfileName = 0x00000090 ProfileNameSuiteBMinLOS_128ClientKMIPV1_4 ProfileName = 0x00000091 ProfileNameSuiteBMinLOS_128ServerKMIPV1_4 ProfileName = 0x00000092 ProfileNameSuiteBMinLOS_192ClientKMIPV1_4 ProfileName = 0x00000093 ProfileNameSuiteBMinLOS_192ServerKMIPV1_4 ProfileName = 0x00000094 ProfileNameStorageArrayWithSelfEncryptingDriveClientKMIPV1_4 ProfileName = 0x00000095 ProfileNameStorageArrayWithSelfEncryptingDriveServerKMIPV1_4 ProfileName = 0x00000096 ProfileNameHTTPSClientKMIPV1_4 ProfileName = 0x00000097 ProfileNameHTTPSServerKMIPV1_4 ProfileName = 0x00000098 ProfileNameJSONClientKMIPV1_4 ProfileName = 0x00000099 ProfileNameJSONServerKMIPV1_4 ProfileName = 0x0000009A ProfileNameXMLClientKMIPV1_4 ProfileName = 0x0000009B ProfileNameXMLServerKMIPV1_4 ProfileName = 0x0000009C )
func (ProfileName) MarshalText ΒΆ added in v0.2.2
func (enum ProfileName) MarshalText() ([]byte, error)
type ProtocolVersion ΒΆ
func (ProtocolVersion) Major ΒΆ
func (v ProtocolVersion) Major() int
func (ProtocolVersion) Minor ΒΆ
func (v ProtocolVersion) Minor() int
func (ProtocolVersion) String ΒΆ
func (pv ProtocolVersion) String() string
type PublicKey ΒΆ
type PublicKey struct {
KeyBlock KeyBlock
}
func (*PublicKey) CryptoPublicKey ΒΆ added in v0.2.0
CryptoPublicKey parses and return the public key object into a go crypto.PublicKey object.
func (*PublicKey) ECDSA ΒΆ
ECDSA returns the ECDSA public key represented by the PublicKey object. It supports multiple key format types, including X.509 SubjectPublicKeyInfo (SPKI) and transparent ECDSA/EC public key formats as defined by KMIP. For X.509 keys, it parses the DER-encoded public key. For transparent keys, it reconstructs the ECDSA public key from the curve parameters and public key material. Returns an error if the key format is unsupported, the key material is invalid, or the key is not an ECDSA public key.
func (*PublicKey) ObjectType ΒΆ
func (sd *PublicKey) ObjectType() ObjectType
func (*PublicKey) PkixPem ΒΆ added in v0.2.0
PkixPem format the public key value into a PEM encoding of its PKIX, ASN.1 DER form. The encoded public key is a SubjectPublicKeyInfo structure (see RFC 5280, Section 4.1).
func (*PublicKey) RSA ΒΆ
RSA returns the rsa.PublicKey representation of the PublicKey object. It supports multiple key format types, including PKCS#1, X.509 SubjectPublicKeyInfo (SPKI), and Transparent RSAPublicKey. The method parses the underlying key material according to the format type and returns the corresponding *rsa.PublicKey. If the key format is unsupported or the key material is invalid, an error is returned.
type PutFunction ΒΆ
type PutFunction uint32
const ( PutFunctionNew PutFunction = 0x00000001 PutFunctionReplace PutFunction = 0x00000002 )
func (PutFunction) MarshalText ΒΆ added in v0.2.2
func (enum PutFunction) MarshalText() ([]byte, error)
type QueryFunction ΒΆ
type QueryFunction uint32
const ( QueryFunctionOperations QueryFunction = 0x00000001 QueryFunctionObjects QueryFunction = 0x00000002 QueryFunctionServerInformation QueryFunction = 0x00000003 QueryFunctionApplicationNamespaces QueryFunction = 0x00000004 // KMIP 1.1. QueryFunctionExtensionList QueryFunction = 0x00000005 QueryFunctionExtensionMap QueryFunction = 0x00000006 // KMIP 1.2. QueryFunctionAttestationTypes QueryFunction = 0x00000007 // KMIP 1.3. QueryFunctionRNGs QueryFunction = 0x00000008 QueryFunctionValidations QueryFunction = 0x00000009 QueryFunctionProfiles QueryFunction = 0x0000000A QueryFunctionCapabilities QueryFunction = 0x0000000B QueryFunctionClientRegistrationMethods QueryFunction = 0x0000000C )
func (QueryFunction) MarshalText ΒΆ added in v0.2.2
func (enum QueryFunction) MarshalText() ([]byte, error)
type RNGAlgorithm ΒΆ
type RNGAlgorithm uint32
const ( RNGAlgorithmUnspecified RNGAlgorithm = 0x00000001 RNGAlgorithmFIPS186_2 RNGAlgorithm = 0x00000002 RNGAlgorithmDRBG RNGAlgorithm = 0x00000003 RNGAlgorithmNRBG RNGAlgorithm = 0x00000004 RNGAlgorithmANSIX9_31 RNGAlgorithm = 0x00000005 RNGAlgorithmANSIX9_62 RNGAlgorithm = 0x00000006 )
func (RNGAlgorithm) MarshalText ΒΆ added in v0.2.2
func (enum RNGAlgorithm) MarshalText() ([]byte, error)
type RNGMode ΒΆ
type RNGMode uint32
const ( RNGModeUnspecified RNGMode = 0x00000001 )
func (RNGMode) MarshalText ΒΆ added in v0.2.2
type RNGParameters ΒΆ
type RNGParameters struct {
RNGAlgorithm RNGAlgorithm `ttlv:",omitempty"`
CryptographicAlgorithm CryptographicAlgorithm `ttlv:",omitempty"`
CryptographicLength int32 `ttlv:",omitempty"`
HashingAlgorithm HashingAlgorithm `ttlv:",omitempty"`
DRBGAlgorithm DRBGAlgorithm `ttlv:",omitempty"`
RecommendedCurve RecommendedCurve `ttlv:",omitempty"`
FIPS186Variation FIPS186Variation `ttlv:",omitempty"`
PredictionResistance *bool
}
type RecommendedCurve ΒΆ
type RecommendedCurve uint32
const ( RecommendedCurveP_192 RecommendedCurve = 0x00000001 RecommendedCurveK_163 RecommendedCurve = 0x00000002 RecommendedCurveB_163 RecommendedCurve = 0x00000003 RecommendedCurveP_224 RecommendedCurve = 0x00000004 RecommendedCurveK_233 RecommendedCurve = 0x00000005 RecommendedCurveB_233 RecommendedCurve = 0x00000006 RecommendedCurveP_256 RecommendedCurve = 0x00000007 RecommendedCurveK_283 RecommendedCurve = 0x00000008 RecommendedCurveB_283 RecommendedCurve = 0x00000009 RecommendedCurveP_384 RecommendedCurve = 0x0000000A RecommendedCurveK_409 RecommendedCurve = 0x0000000B RecommendedCurveB_409 RecommendedCurve = 0x0000000C RecommendedCurveP_521 RecommendedCurve = 0x0000000D RecommendedCurveK_571 RecommendedCurve = 0x0000000E RecommendedCurveB_571 RecommendedCurve = 0x0000000F // KMIP 1.2. RecommendedCurveSECP112R1 RecommendedCurve = 0x00000010 RecommendedCurveSECP112R2 RecommendedCurve = 0x00000011 RecommendedCurveSECP128R1 RecommendedCurve = 0x00000012 RecommendedCurveSECP128R2 RecommendedCurve = 0x00000013 RecommendedCurveSECP160K1 RecommendedCurve = 0x00000014 RecommendedCurveSECP160R1 RecommendedCurve = 0x00000015 RecommendedCurveSECP160R2 RecommendedCurve = 0x00000016 RecommendedCurveSECP192K1 RecommendedCurve = 0x00000017 RecommendedCurveSECP224K1 RecommendedCurve = 0x00000018 RecommendedCurveSECP256K1 RecommendedCurve = 0x00000019 RecommendedCurveSECT113R1 RecommendedCurve = 0x0000001A RecommendedCurveSECT113R2 RecommendedCurve = 0x0000001B RecommendedCurveSECT131R1 RecommendedCurve = 0x0000001C RecommendedCurveSECT131R2 RecommendedCurve = 0x0000001D RecommendedCurveSECT163R1 RecommendedCurve = 0x0000001E RecommendedCurveSECT193R1 RecommendedCurve = 0x0000001F RecommendedCurveSECT193R2 RecommendedCurve = 0x00000020 RecommendedCurveSECT239K1 RecommendedCurve = 0x00000021 RecommendedCurveANSIX9P192V2 RecommendedCurve = 0x00000022 RecommendedCurveANSIX9P192V3 RecommendedCurve = 0x00000023 RecommendedCurveANSIX9P239V1 RecommendedCurve = 0x00000024 RecommendedCurveANSIX9P239V2 RecommendedCurve = 0x00000025 RecommendedCurveANSIX9P239V3 RecommendedCurve = 0x00000026 RecommendedCurveANSIX9C2PNB163V1 RecommendedCurve = 0x00000027 RecommendedCurveANSIX9C2PNB163V2 RecommendedCurve = 0x00000028 RecommendedCurveANSIX9C2PNB163V3 RecommendedCurve = 0x00000029 RecommendedCurveANSIX9C2PNB176V1 RecommendedCurve = 0x0000002A RecommendedCurveANSIX9C2TNB191V1 RecommendedCurve = 0x0000002B RecommendedCurveANSIX9C2TNB191V2 RecommendedCurve = 0x0000002C RecommendedCurveANSIX9C2TNB191V3 RecommendedCurve = 0x0000002D RecommendedCurveANSIX9C2PNB208W1 RecommendedCurve = 0x0000002E RecommendedCurveANSIX9C2TNB239V1 RecommendedCurve = 0x0000002F RecommendedCurveANSIX9C2TNB239V2 RecommendedCurve = 0x00000030 RecommendedCurveANSIX9C2TNB239V3 RecommendedCurve = 0x00000031 RecommendedCurveANSIX9C2PNB272W1 RecommendedCurve = 0x00000032 RecommendedCurveANSIX9C2PNB304W1 RecommendedCurve = 0x00000033 RecommendedCurveANSIX9C2TNB359V1 RecommendedCurve = 0x00000034 RecommendedCurveANSIX9C2PNB368W1 RecommendedCurve = 0x00000035 RecommendedCurveANSIX9C2TNB431R1 RecommendedCurve = 0x00000036 RecommendedCurveBRAINPOOLP160R1 RecommendedCurve = 0x00000037 RecommendedCurveBRAINPOOLP160T1 RecommendedCurve = 0x00000038 RecommendedCurveBRAINPOOLP192R1 RecommendedCurve = 0x00000039 RecommendedCurveBRAINPOOLP192T1 RecommendedCurve = 0x0000003A RecommendedCurveBRAINPOOLP224R1 RecommendedCurve = 0x0000003B RecommendedCurveBRAINPOOLP224T1 RecommendedCurve = 0x0000003C RecommendedCurveBRAINPOOLP256R1 RecommendedCurve = 0x0000003D RecommendedCurveBRAINPOOLP256T1 RecommendedCurve = 0x0000003E RecommendedCurveBRAINPOOLP320R1 RecommendedCurve = 0x0000003F RecommendedCurveBRAINPOOLP320T1 RecommendedCurve = 0x00000040 RecommendedCurveBRAINPOOLP384R1 RecommendedCurve = 0x00000041 RecommendedCurveBRAINPOOLP384T1 RecommendedCurve = 0x00000042 RecommendedCurveBRAINPOOLP512R1 RecommendedCurve = 0x00000043 RecommendedCurveBRAINPOOLP512T1 RecommendedCurve = 0x00000044 )
func (RecommendedCurve) Bitlen ΒΆ
func (crv RecommendedCurve) Bitlen() int32
Bitlen returns the bit length for the key using the curve.
func (RecommendedCurve) MarshalText ΒΆ added in v0.2.2
func (enum RecommendedCurve) MarshalText() ([]byte, error)
type RequestBatchItem ΒΆ
type RequestBatchItem struct {
Operation Operation
UniqueBatchItemID []byte `ttlv:",omitempty"`
RequestPayload OperationPayload
MessageExtension *MessageExtension
}
func (*RequestBatchItem) TagDecodeTTLV ΒΆ
func (pv *RequestBatchItem) TagDecodeTTLV(d *ttlv.Decoder, tag int) error
func (*RequestBatchItem) TagEncodeTTLV ΒΆ
func (pv *RequestBatchItem) TagEncodeTTLV(e *ttlv.Encoder, tag int)
type RequestHeader ΒΆ
type RequestHeader struct {
ProtocolVersion ProtocolVersion `ttlv:",set-version"`
MaximumResponseSize int32 `ttlv:",omitempty"`
ClientCorrelationValue string `ttlv:",omitempty,version=v1.4.."`
ServerCorrelationValue string `ttlv:",omitempty,version=v1.4.."`
AsynchronousIndicator *bool
AttestationCapableIndicator *bool `ttlv:",version=v1.2.."`
AttestationType []AttestationType `ttlv:",version=v1.2.."`
Authentication *Authentication
BatchErrorContinuationOption BatchErrorContinuationOption `ttlv:",omitempty"`
BatchOrderOption *bool
TimeStamp *time.Time
BatchCount int32
}
type RequestMessage ΒΆ
type RequestMessage struct {
Header RequestHeader
BatchItem []RequestBatchItem
}
func NewRequestMessage ΒΆ
func NewRequestMessage(version ProtocolVersion, payloads ...OperationPayload) RequestMessage
NewRequestMessage creates a new RequestMessage with the specified protocol version and one or more operation payloads. It sets the current timestamp (truncated to the nearest second) in the request header and assigns a batch count equal to the number of payloads provided. For each payload, a RequestBatchItem is created and added to the message. If multiple payloads are provided, each batch item is assigned a unique batch item ID based on its index. Panics if the number of payloads exceeds the maximum value for an int32.
type ResponseBatchItem ΒΆ
type ResponseBatchItem struct {
Operation Operation `ttlv:",omitempty"`
UniqueBatchItemID []byte `ttlv:",omitempty"`
ResultStatus ResultStatus
ResultReason ResultReason `ttlv:",omitempty"`
ResultMessage string `ttlv:",omitempty"`
AsynchronousCorrelationValue []byte `ttlv:",omitempty"`
ResponsePayload OperationPayload
MessageExtension *MessageExtension
}
func (*ResponseBatchItem) Err ΒΆ
func (bi *ResponseBatchItem) Err() error
Err returns an error if the ResponseBatchItem indicates a failure. If the ResultStatus is not ResultStatusSuccess, it constructs and returns an error describing the operation, status, reason, and message. Otherwise, it returns nil.
func (*ResponseBatchItem) TagDecodeTTLV ΒΆ
func (pv *ResponseBatchItem) TagDecodeTTLV(d *ttlv.Decoder, tag int) error
func (*ResponseBatchItem) TagEncodeTTLV ΒΆ
func (pv *ResponseBatchItem) TagEncodeTTLV(e *ttlv.Encoder, tag int)
type ResponseHeader ΒΆ
type ResponseHeader struct {
ProtocolVersion ProtocolVersion `ttlv:",set-version"`
TimeStamp time.Time
Nonce *Nonce `ttlv:",version=v1.2.."`
AttestationType []AttestationType `ttlv:",version=v1.2.."`
ClientCorrelationValue string `ttlv:",omitempty,version=v1.4.."`
ServerCorrelationValue string `ttlv:",omitempty,version=v1.4.."`
BatchCount int32
}
type ResponseMessage ΒΆ
type ResponseMessage struct {
Header ResponseHeader
BatchItem []ResponseBatchItem
}
type ResultReason ΒΆ
type ResultReason uint32
ResultReason represents the reason for a result in KMIP operations. It is used to provide additional context or explanation for the outcome of a KMIP request, typically indicating why a particular result occurred.
const ( ResultReasonItemNotFound ResultReason = 0x00000001 ResultReasonResponseTooLarge ResultReason = 0x00000002 ResultReasonAuthenticationNotSuccessful ResultReason = 0x00000003 ResultReasonInvalidMessage ResultReason = 0x00000004 ResultReasonOperationNotSupported ResultReason = 0x00000005 ResultReasonMissingData ResultReason = 0x00000006 ResultReasonInvalidField ResultReason = 0x00000007 ResultReasonFeatureNotSupported ResultReason = 0x00000008 ResultReasonOperationCanceledByRequester ResultReason = 0x00000009 ResultReasonCryptographicFailure ResultReason = 0x0000000A ResultReasonIllegalOperation ResultReason = 0x0000000B ResultReasonPermissionDenied ResultReason = 0x0000000C ResultReasonObjectarchived ResultReason = 0x0000000D ResultReasonIndexOutofBounds ResultReason = 0x0000000E ResultReasonApplicationNamespaceNotSupported ResultReason = 0x0000000F ResultReasonKeyFormatTypeNotSupported ResultReason = 0x00000010 ResultReasonKeyCompressionTypeNotSupported ResultReason = 0x00000011 // KMIP 1.1. ResultReasonEncodingOptionError ResultReason = 0x00000012 // KMIP 1.2. ResultReasonKeyValueNotPresent ResultReason = 0x00000013 ResultReasonAttestationRequired ResultReason = 0x00000014 ResultReasonAttestationFailed ResultReason = 0x00000015 // KMIP 1.4. ResultReasonSensitive ResultReason = 0x00000016 ResultReasonNotExtractable ResultReason = 0x00000017 ResultReasonObjectAlreadyExists ResultReason = 0x00000018 ResultReasonGeneralFailure ResultReason = 0x00000100 )
func (ResultReason) MarshalText ΒΆ added in v0.2.2
func (enum ResultReason) MarshalText() ([]byte, error)
type ResultStatus ΒΆ
type ResultStatus uint32
ResultStatus represents the status of a KMIP operation result as defined by the KMIP specification. It is typically used to indicate whether an operation was successful, failed, or resulted in a partial success. The underlying type is uint32, and specific status values are usually defined as constants.
const ( ResultStatusSuccess ResultStatus = 0x00000000 ResultStatusOperationFailed ResultStatus = 0x00000001 ResultStatusOperationPending ResultStatus = 0x00000002 ResultStatusOperationUndone ResultStatus = 0x00000003 )
func (ResultStatus) MarshalText ΒΆ added in v0.2.2
func (enum ResultStatus) MarshalText() ([]byte, error)
type RevocationReason ΒΆ
type RevocationReason struct {
RevocationReasonCode RevocationReasonCode `ttlv:",omitempty"`
RevocationMessage string `ttlv:",omitempty"`
}
type RevocationReasonCode ΒΆ
type RevocationReasonCode uint32
const ( RevocationReasonCodeUnspecified RevocationReasonCode = 0x00000001 RevocationReasonCodeKeyCompromise RevocationReasonCode = 0x00000002 RevocationReasonCodeCACompromise RevocationReasonCode = 0x00000003 RevocationReasonCodeAffiliationChanged RevocationReasonCode = 0x00000004 RevocationReasonCodeSuperseded RevocationReasonCode = 0x00000005 RevocationReasonCodeCessationOfOperation RevocationReasonCode = 0x00000006 RevocationReasonCodePrivilegeWithdrawn RevocationReasonCode = 0x00000007 )
func (RevocationReasonCode) MarshalText ΒΆ added in v0.2.2
func (enum RevocationReasonCode) MarshalText() ([]byte, error)
type SecretData ΒΆ
type SecretData struct {
SecretDataType SecretDataType
KeyBlock KeyBlock
}
func (*SecretData) Data ΒΆ
func (sd *SecretData) Data() ([]byte, error)
Data returns the raw bytes of the secret data if the KeyFormatType is either Raw or Opaque. For unsupported key format types, it returns an error indicating the unsupported type.
func (*SecretData) ObjectType ΒΆ
func (sd *SecretData) ObjectType() ObjectType
type SecretDataType ΒΆ
type SecretDataType uint32
const ( SecretDataTypePassword SecretDataType = 0x00000001 SecretDataTypeSeed SecretDataType = 0x00000002 )
func (SecretDataType) MarshalText ΒΆ added in v0.2.2
func (enum SecretDataType) MarshalText() ([]byte, error)
type ShreddingAlgorithm ΒΆ
type ShreddingAlgorithm uint32
const ( ShreddingAlgorithmUnspecified ShreddingAlgorithm = 0x00000001 ShreddingAlgorithmCryptographic ShreddingAlgorithm = 0x00000002 ShreddingAlgorithmUnsupported ShreddingAlgorithm = 0x00000003 )
func (ShreddingAlgorithm) MarshalText ΒΆ added in v0.2.2
func (enum ShreddingAlgorithm) MarshalText() ([]byte, error)
type SplitKey ΒΆ
type SplitKey struct {
SplitKeyParts int32
KeyPartIdentifier int32
SplitKeyThreshold int32
SplitKeyMethod SplitKeyMethod
PrimeFieldSize *big.Int
KeyBlock KeyBlock
}
func (*SplitKey) ObjectType ΒΆ
func (sd *SplitKey) ObjectType() ObjectType
type SplitKeyMethod ΒΆ
type SplitKeyMethod uint32
const ( SplitKeyMethodXOR SplitKeyMethod = 0x00000001 SplitKeyMethodPolynomialSharingGF216 SplitKeyMethod = 0x00000002 SplitKeyMethodPolynomialSharingPrimeField SplitKeyMethod = 0x00000003 // KMIP 1.2. SplitKeyMethodPolynomialSharingGF28 SplitKeyMethod = 0x00000004 )
func (SplitKeyMethod) MarshalText ΒΆ added in v0.2.2
func (enum SplitKeyMethod) MarshalText() ([]byte, error)
type State ΒΆ
type State uint32
State represents the various states that an object can be in within the KMIP (Key Management Interoperability Protocol) context. It is defined as a uint32 type and is typically used to indicate the lifecycle or status of a managed object.
func (State) MarshalText ΒΆ added in v0.2.2
type StorageStatusMask ΒΆ
type StorageStatusMask int32
StorageStatusMask represents a bitmask for storage status flags. It is used to indicate various storage states using bitwise operations. Each bit corresponds to a specific storage status as defined by the KMIP specification.
const ( // StorageStatusOnlineStorage indicates the object is in online storage. StorageStatusOnlineStorage StorageStatusMask = 1 << iota // StorageStatusArchivalStorage indicates the object is in archival storage. StorageStatusArchivalStorage )
func (StorageStatusMask) MarshalText ΒΆ added in v0.2.2
func (mask StorageStatusMask) MarshalText() ([]byte, error)
MarshalText returns a human-readable string representation of the StorageStatusMask. The string is a bitwise OR ("|") separated list of enabled storage status flags. This method never returns an error.
type SymmetricKey ΒΆ
type SymmetricKey struct {
KeyBlock KeyBlock
}
func (*SymmetricKey) KeyMaterial ΒΆ
func (sd *SymmetricKey) KeyMaterial() ([]byte, error)
KeyMaterial returns the raw key material as a byte slice for the SymmetricKey. It handles different key format types, including raw and transparent symmetric keys. If the key format is unsupported or the key material is empty, an error is returned.
func (*SymmetricKey) ObjectType ΒΆ
func (sd *SymmetricKey) ObjectType() ObjectType
type Template
deprecated
type Template struct {
Attribute []Attribute
}
Deprecated: deprecated as of KMIP 1.3.
func (*Template) ObjectType ΒΆ
func (sd *Template) ObjectType() ObjectType
type TemplateAttribute ΒΆ
type TransparentECDSAPrivateKey
deprecated
type TransparentECDSAPrivateKey TransparentECPrivateKey
Deprecated: deprecated in KMIP v1.3.
type TransparentECDSAPublicKey
deprecated
type TransparentECDSAPublicKey TransparentECPublicKey
Deprecated: deprecated in KMIP v1.3.
type TransparentECPrivateKey ΒΆ
type TransparentECPrivateKey struct {
RecommendedCurve RecommendedCurve
D big.Int
}
type TransparentECPublicKey ΒΆ
type TransparentECPublicKey struct {
RecommendedCurve RecommendedCurve
QString []byte
}
type TransparentSymmetricKey ΒΆ
type TransparentSymmetricKey struct {
Key []byte
}
type UnknownPayload ΒΆ
func NewUnknownPayload ΒΆ
func NewUnknownPayload(op Operation, fields ...ttlv.Value) *UnknownPayload
NewUnknownPayload creates a new UnknownPayload instance for the specified operation type, initializing it with the provided TTLV values as fields. This is useful for handling KMIP operations that are not explicitly supported or recognized by the implementation.
Parameters:
- op: The operation type for which the payload is being created.
- fields: A variadic list of ttlv.Value representing the fields to include in the payload.
Returns:
- A pointer to the constructed UnknownPayload.
func (*UnknownPayload) Operation ΒΆ
func (pl *UnknownPayload) Operation() Operation
func (*UnknownPayload) TagDecodeTTLV ΒΆ
func (v *UnknownPayload) TagDecodeTTLV(d *ttlv.Decoder, tag int) error
func (*UnknownPayload) TagEncodeTTLV ΒΆ
func (v *UnknownPayload) TagEncodeTTLV(e *ttlv.Encoder, tag int)
type UnwrapMode ΒΆ
type UnwrapMode uint32
const ( UnwrapModeUnspecified UnwrapMode = 0x00000001 UnwrapModeProcessed UnwrapMode = 0x00000002 UnwrapModeNotProcessed UnwrapMode = 0x00000003 )
func (UnwrapMode) MarshalText ΒΆ added in v0.2.2
func (enum UnwrapMode) MarshalText() ([]byte, error)
type UsageLimits ΒΆ
type UsageLimits struct {
UsageLimitsTotal int64
UsageLimitsCount *int64
UsageLimitsUnit UsageLimitsUnit `ttlv:",omitempty"`
}
func (UsageLimits) Equals ΒΆ
func (ul UsageLimits) Equals(other *UsageLimits) bool
type UsageLimitsUnit ΒΆ
type UsageLimitsUnit uint32
const ( UsageLimitsUnitByte UsageLimitsUnit = 0x00000001 UsageLimitsUnitObject UsageLimitsUnit = 0x00000002 )
func (UsageLimitsUnit) MarshalText ΒΆ added in v0.2.2
func (enum UsageLimitsUnit) MarshalText() ([]byte, error)
type ValidationAuthorityType ΒΆ
type ValidationAuthorityType uint32
const ( ValidationAuthorityTypeUnspecified ValidationAuthorityType = 0x00000001 ValidationAuthorityTypeNISTCMVP ValidationAuthorityType = 0x00000002 ValidationAuthorityTypeCommonCriteria ValidationAuthorityType = 0x00000003 )
func (ValidationAuthorityType) MarshalText ΒΆ added in v0.2.2
func (enum ValidationAuthorityType) MarshalText() ([]byte, error)
type ValidationInformation ΒΆ
type ValidationInformation struct {
ValidationAuthorityType ValidationAuthorityType
ValidationAuthorityCountry string `ttlv:",omitempty"`
ValidationAuthorityURI string `ttlv:",omitempty"`
ValidationVersionMajor int32
ValidationVersionMinor *int32
ValidationType ValidationType
ValidationLevel int32
ValidationCertificateIdentifier string `ttlv:",omitempty"`
ValidationCertificateURI string `ttlv:",omitempty"`
ValidationVendorURI string `ttlv:",omitempty"`
ValidationProfile []string
}
type ValidationType ΒΆ
type ValidationType uint32
const ( ValidationTypeUnspecified ValidationType = 0x00000001 ValidationTypeHardware ValidationType = 0x00000002 ValidationTypeSoftware ValidationType = 0x00000003 ValidationTypeFirmware ValidationType = 0x00000004 ValidationTypeHybrid ValidationType = 0x00000005 )
func (ValidationType) MarshalText ΒΆ added in v0.2.2
func (enum ValidationType) MarshalText() ([]byte, error)
type ValidityIndicator ΒΆ added in v0.2.4
type ValidityIndicator uint32
const ( ValidityIndicatorValid ValidityIndicator = 0x00000001 ValidityIndicatorInvalid ValidityIndicator = 0x00000002 ValidityIndicatorUnknown ValidityIndicator = 0x00000003 )
func (ValidityIndicator) MarshalText ΒΆ added in v0.2.4
func (enum ValidityIndicator) MarshalText() ([]byte, error)
type WrappingMethod ΒΆ
type WrappingMethod uint32
const ( WrappingMethodEncrypt WrappingMethod = 0x00000001 WrappingMethodMACSign WrappingMethod = 0x00000002 WrappingMethodEncryptThenMACSign WrappingMethod = 0x00000003 WrappingMethodMACSignThenEncrypt WrappingMethod = 0x00000004 WrappingMethodTR_31 WrappingMethod = 0x00000005 )
func (WrappingMethod) MarshalText ΒΆ added in v0.2.2
func (enum WrappingMethod) MarshalText() ([]byte, error)
type X_509CertificateIssuer ΒΆ
Source Files
ΒΆ
Directories
ΒΆ
| Path | Synopsis |
|---|---|
|
Package kmipclient provides a client implementation for interacting with KMIP (Key Management Interoperability Protocol) servers.
|
Package kmipclient provides a client implementation for interacting with KMIP (Key Management Interoperability Protocol) servers. |
|
Package kmiptest provides utilities for testing KMIP (Key Management Interoperability Protocol) servers and clients.
|
Package kmiptest provides utilities for testing KMIP (Key Management Interoperability Protocol) servers and clients. |
|
Package payloads provides types and functions for handling KMIP protocol payloads.
|
Package payloads provides types and functions for handling KMIP protocol payloads. |
|
Package ttlv provides low-level serialization and deserialization for the KMIP protocol as defined in the Oasis KMIP 1.4 specification, section 9.1.
|
Package ttlv provides low-level serialization and deserialization for the KMIP protocol as defined in the Oasis KMIP 1.4 specification, section 9.1. |
Click to show internal directories.
Click to hide internal directories.