Home  » Products  » KSL
KSL™ KMIP Server Protocol Library
KSL™ enables the easy addition of the OASIS KMIP protocol to your key server.
  • Royalty Free License
  • Available for Windows™ | Linux™ | Linux™ ARM (with source license)
Please contact our sales team if you have any questions.
The KSL™ KMIP Server Protocol Library provides the OASIS KMIP 1.0, 1.1, 1.2, 1.3 and 1.4 standards.
KSL provides a server-side KMIP protocol parser and all the functions needed to send properly encoded responses back to KMIP clients. Server vendors must still implement all server-side mechanisms, but KSL will handle the complexity of parsing and generating HTTPS, TTLV, XML, and JSON KMIP protocol messages.
  • OASIS KMIP 1.0, 1.1, 1.2, 1.3, 1.4, and 2.0 standards
  • C/C++ and Java Native Interface (JNI) language bindings
  • Support for all KMIP encodings (HTTPS, TTLV, XML and JSON).
  • Single API for All protocol flavors (HTTPS, TTLV, XML, and JSON)
  • Cross Platform/Single Codebase - Windows and Linux x86/ARM
  • Extensive Protocol Logging (log output in any of TTLV, XML and JSON)

KMIP 1.0 Operations Supported (both synchronous and asynchronous)

Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes, Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, and Server to Client operations: Notify, Put.

KMIP 1.1 Operations Supported (both synchronous and asynchronous):

Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, Re-key Key Pair, Discover Versions (synch only), and Server to Client operations: Notify, Put.

KMIP 1.2 Operations Supported (both synchronous and asynchronous):

Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, Re-key Key Pair, Discover Versions (synch only), Encrypt, Decrypt, Sign, Signature Verify, MAC, MAC Verify, RNG Retrieve, RNG Seed, Hash, Create Split Key, Join Split Key, and Server to Client operations: Notify, Put.

KMIP 1.3 and 1.4 Operations Supported (both synchronous and asynchronous):

Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate (extended), Check, Get, Get Attributes Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, Re-key Key Pair, Discover Versions (synch only), Encrypt (streaming/non-streaming), Decrypt (streaming/non-streaming), Sign (streaming/non-streaming), Signature Verify (streaming/non-streaming), MAC (streaming/non-streaming), MAC Verify (streaming/non-streaming), RNG Retrieve, RNG Seed, Hash (streaming/non-streaming), Create Split Key, Join Split Key, and Server to Client operations: Notify, Put, Discover Versions (new), Query (new)

KMIP 2.0 Operations Supported (both synchronous and asynchronous):

Create, Create Key Pair, Register, Re-key, Re-key Key Pair, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes, Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Discover Versions (synch only), Cancel, Poll, Encrypt (streaming/non-streaming), Decrypt (streaming/non-streaming), Sign (streaming/non-streaming), Signature Verify (streaming/non-streaming), MAC (streaming/non-streaming), MAC Verify (streaming/non-streaming), RNG Retrieve, RNG Seed, Hash (streaming/non-streaming), Create Split Key, Join Split Key, Export, Import, Adjust Attribute, Delegated Login, Interop, Log, Login, Logout, PKCS#11, Set Attribute

Managed Objects Supported

  • Certificate
  • Symmetric Key
  • Public Key
  • Private Key
  • Split Key
  • Template
  • Secret Data
  • Opaque Object
  • PGP Key
  • CSR

Cryptographic Algorithms

  • DES
  • 3DES
  • DES-X
  • AES (including counter mode)
  • RSA
  • DSA
  • Blowfish
  • CAST5
  • RC2
  • IDEA
  • EC
  • ECDSA
  • ECMQV
  • ECDH
  • DH
  • HMAC-SHA1
  • HMAC-SHA224
  • HMAC-SHA256
  • HMAC-SHA384
  • HMAC-SHA512
  • HMAC-MD2
  • HMAC-MD4
  • HMAC-MD5

Supported Key Formats

  • Raw
  • Opaque
  • PKCS#1
  • PKCS#8
  • PKCS#12
  • X.509
  • Transparent ECDSA Private Key
  • Transparent ECDSA Public Key
  • Transparent ECDH Private Key
  • Transparent ECDH Public Key
  • Transparent ECMQV Private Key
  • Transparent ECMQV Public Key
  • Transparent Symmetric Key
  • Transparent DSA Public Key
  • Transparent DSA Private Key
  • Transparent RSA Public Key
  • Transparent RSA Private Key

Supported Platforms

KSL™ is currently supported on the following platforms:

  • Windows 10 (32bit/64bit), Windows Server 2016+ (32bit/64bit)
  • Linux x86 Kernel 2.6+ (32bit/64bit)
  • Linux ARM Kernel 2.6+ (32bit/64bit) (with source license)
KSL KMIP Server Library follows the standards defined in these documents.
The OASIS Key management Interoperability Protocol (KMIP) defines a single, comprehensive protocol for communication between encryption systems and a broad range of new and legacy enterprise applications, including email, databases, and storage devices. Go to OASIS Key Management Interoperability Protocol (KMIP) Technical Committee to learn more about the KMIP standard.
OASIS PKCS #11 is a standard for cryptographic tokens controlling authentication information (personal identity, cryptographic keys, certificates, digital signatures, biometric data). Go to OASIS PKCS #11 Technical Committee to learn more about the PKCS #11 standard.

Standards Reference Documents

KMIP 1.0 Specification, OASIS Standard, 01 Oct 2010
KMIP 1.0 Profiles Specification, OASIS Standard, 01 Oct 2010
KMIP 1.1 Specification, OASIS Standard, 24 Jan 2013
KMIP 1.1 Profiles Specification, OASIS Standard, 24 Jan 2013
KMIP 1.2 Specification, OASIS Standard, 19 May 2015
KMIP 1.2 Profiles Specification, OASIS Standard, 19 May 2015
KMIP 1.3 Specification, OASIS Standard, 27 Dec 2016
KMIP 1.3 Profiles Specification, OASIS Standard, 27 Dec 2016
KMIP 1.3 Usage Guide, Committee Note Draft 01, 03 Dec 2015
KMIP 1.4 Specification, Committee Specification Draft 01, 09 March 2017
KMIP 1.4 Profiles Specification, Committee Specification Draft 01, 30 March 2017
KMIP 2.0 Specification, OASIS Standard, 31 October 2019
KMIP 2.0 Profiles Specification, OASIS Standard, 31 October 2019
KMIP 2.0 Test Cases, Committee Note01, 24 October2019
KMIP 2.1 Specification, Committee Specification Draft01, 12 December2019
KMIP 2.1 Profiles Specification, Committee Specification Draft 02 /Public Review Draft 01, 06 February 2020

Current Documentation

KSL 2018.1 Developers Guide

Licensing and Upgrades


Our "Develop Anywhere / Deploy Anywhere"™ License Highlights

  • Per-product license, no per developer costs.
  • Royalty free runtime. The DLLs can be redistributed royalty free with your product on any supported platforms.
  • One license covers all platforms. No need to purchase a license for each platform.
  • Site licenses are also available.
  • Contact Sales for licensing options.
Our products and licenses are designed to enable you to develop, test and deploy your solutions on any platform or platforms (that we support) without per-seat or per-platform restrictions.