Contact
SupportThis document was updated on 23 August 2014.
As part of the process of modifying our KMIP 1.0 protocol implementation to support the new KMIP 1.1 specification we compared the two specifications and listed all of differences in the following document. Once we had this information we updated our KMIP 1.0 implementation to take the new KMIP 1.1 changes into account. Note, that all section numbers below are from the KMIP 1.1 draft unless otherwise stated.
P6R now ships a KMIP Client SDK that is a full implementation of KMIP 1.0, 1.1, and 1.2 protocol versions. Detailed information on that product can be found at https://www.p6r.com/software/skc.html
1. Section 2.1.2 Credential – A new Credential Value structure is defined for Device Credentials. KMIP 1.0 only had Username and Password credentials.
2. Section 2.1.5 Key Wrapping Data – the new “Encoding Option” enumeration field is added to the Key Wrapping Data Object Structure.
3. Section 2.1.6 Key Wrapping Specification – the new “Encoding Option” enumeration field is added to the Key Wrapping Specification Object Structure.
4. Section 2.1.9 Extension Information defining the Extension Information Structure is new to KMIP 1.1.
5. Section 3.9 Certificate Length Attribute is new.
6. Sections 3.10 X.509 Certificate Identifier, 3.11 X.509 Certificate Subject, and 3.12 X.509 Certficate Issuer are all new.
7. Sections 3.13 Certificate Identifier (was Section 3.9 in KMIP 1.0), 3.14 Certificate Subject (was Section 3.10), and 3.15 Certificate Issuer (was Section 3.11) are all deprecated in KMIP 1.1.
8. Section 3.16 Digital Signature Algorithm is new.
9. Section 3.17 Digest (was Section 3.12 in KMIP 1.0) – the new “Key Format Type” enumeration field is added to the Digest Attribute Structure.
10. Section 3.34 Fresh Attribute is new.
11. Section 4.5 Re-key Key Pair request is new. Also Re-key Key Pair is added to Section 3.18.2.1 Default Operation Policy for Secret Objects.
12. Section 4.9 Locate (was Section 4.8 in KMIP 1.0) – the new “Object Group Member” enumeration field is added to the Locate Request Payload. Section 4.10 Check (was Section 4.9 in KMIP 1.0) – in the response payload the Unique Identifier field is not always
13. Section 4.25 Query (was Section 4.24) – the new “Extension Information” structure is added to the Query Response Payload.
14. Section 4.26 Discover Versions request is new.
15. Section 9.1.3.1 Tags has the following deprecated tags – Certificate Identifier, Certificate Issuer, Certificate Issuer Alternative Name, Certificate Issuer Distinguished Name, Certificate Subject, Certificate Subject Alternative Name, Certificate Subject Distinguished Name, Issuer, Serial Number.
16. Section 9.1.3.1 Tags has the following new tags added – from Device Identifier (0x4200A2) to X.509 Certificate Subject (0x4200B7). Also the “(Reserved)” tag range has been moved to start at 0x4200B8.
17. Section 9.1.3.2.7 Digital Signature Algorithm Enumeration is new.
18. Section 9.1.3.2.32 Encoding Option Enumeration is new.
19. Section 9.1.3.2.33 Object Group Member Enumeration is new.
20. Section 11.4 Register, the “Encoding Option” error definition is added.
21. Section 11.6 Re-key Key Pair (Error Handling) is new.
22. Section 11.12 Get has new items added to the error handling table.
