KSL™ KMIP Server Protocol Library
KSL™ enables the easy addition of the OASIS KMIP protocol to your key server.
- Royalty Free License
- Available for Windows™ | Linux™ | Linux™ ARM (with source license)
Please contact our sales team if you have any questions.
The KSL™ KMIP Server Protocol Library provides the OASIS KMIP 1.0, 1.1, 1.2, 1.3 and 1.4 standards.
KSL provides a server-side KMIP protocol parser and all the functions needed to send properly encoded
responses back to KMIP clients. Server vendors must still implement all server-side mechanisms, but KSL
will handle the complexity of parsing and generating HTTPS, TTLV, XML, and JSON KMIP protocol messages.
- OASIS KMIP 1.0, 1.1, 1.2, 1.3, 1.4, and 2.0 standards
- C/C++ and Java Native Interface (JNI) language bindings
- Support for all KMIP encodings (HTTPS, TTLV, XML and JSON).
- Single API for All protocol flavors (HTTPS, TTLV, XML, and JSON)
- Cross Platform/Single Codebase - Windows and Linux x86/ARM
- Extensive Protocol Logging (log output in any of TTLV, XML and JSON)
KMIP 1.0 Operations Supported (both synchronous and asynchronous)
Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes, Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, and Server to Client operations: Notify, Put.KMIP 1.1 Operations Supported (both synchronous and asynchronous):
Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, Re-key Key Pair, Discover Versions (synch only), and Server to Client operations: Notify, Put.KMIP 1.2 Operations Supported (both synchronous and asynchronous):
Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, Re-key Key Pair, Discover Versions (synch only), Encrypt, Decrypt, Sign, Signature Verify, MAC, MAC Verify, RNG Retrieve, RNG Seed, Hash, Create Split Key, Join Split Key, and Server to Client operations: Notify, Put.KMIP 1.3 and 1.4 Operations Supported (both synchronous and asynchronous):
Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate (extended), Check, Get, Get Attributes Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, Re-key Key Pair, Discover Versions (synch only), Encrypt (streaming/non-streaming), Decrypt (streaming/non-streaming), Sign (streaming/non-streaming), Signature Verify (streaming/non-streaming), MAC (streaming/non-streaming), MAC Verify (streaming/non-streaming), RNG Retrieve, RNG Seed, Hash (streaming/non-streaming), Create Split Key, Join Split Key, and Server to Client operations: Notify, Put, Discover Versions (new), Query (new)KMIP 2.0 Operations Supported (both synchronous and asynchronous):
Create, Create Key Pair, Register, Re-key, Re-key Key Pair, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes, Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Discover Versions (synch only), Cancel, Poll, Encrypt (streaming/non-streaming), Decrypt (streaming/non-streaming), Sign (streaming/non-streaming), Signature Verify (streaming/non-streaming), MAC (streaming/non-streaming), MAC Verify (streaming/non-streaming), RNG Retrieve, RNG Seed, Hash (streaming/non-streaming), Create Split Key, Join Split Key, Export, Import, Adjust Attribute, Delegated Login, Interop, Log, Login, Logout, PKCS#11, Set AttributeManaged Objects Supported
- Certificate
- Symmetric Key
- Public Key
- Private Key
- Split Key
- Template
- Secret Data
- Opaque Object
- PGP Key
- CSR
Cryptographic Algorithms
- DES
- 3DES
- DES-X
- AES (including counter mode)
- RSA
- DSA
- Blowfish
- CAST5
- RC2
- IDEA
- EC
- ECDSA
- ECMQV
- ECDH
- DH
- HMAC-SHA1
- HMAC-SHA224
- HMAC-SHA256
- HMAC-SHA384
- HMAC-SHA512
- HMAC-MD2
- HMAC-MD4
- HMAC-MD5
Supported Key Formats
- Raw
- Opaque
- PKCS#1
- PKCS#8
- PKCS#12
- X.509
- Transparent ECDSA Private Key
- Transparent ECDSA Public Key
- Transparent ECDH Private Key
- Transparent ECDH Public Key
- Transparent ECMQV Private Key
- Transparent ECMQV Public Key
- Transparent Symmetric Key
- Transparent DSA Public Key
- Transparent DSA Private Key
- Transparent RSA Public Key
- Transparent RSA Private Key
Supported Platforms
KSL™ is currently supported on the following platforms:- Windows 10 (32bit/64bit), Windows Server 2016+ (32bit/64bit)
- Linux x86 Kernel 2.6+ (32bit/64bit)
- Linux ARM Kernel 2.6+ (32bit/64bit) (with source license)
KSL KMIP Server Library follows the standards defined in these documents.
The OASIS Key management Interoperability Protocol (KMIP) defines a single, comprehensive
protocol for communication between encryption systems and a broad range of new and
legacy enterprise applications, including email, databases, and storage devices.
Go to OASIS Key Management
Interoperability Protocol (KMIP) Technical Committee to learn more about the KMIP
standard.
OASIS PKCS #11 is a standard for cryptographic tokens controlling authentication information
(personal identity, cryptographic keys, certificates, digital signatures, biometric data).
Go to OASIS PKCS #11 Technical
Committee to learn more about the PKCS #11 standard.
Standards Reference Documents
KMIP 1.0 Specification, OASIS Standard, 01 Oct 2010 |
KMIP 1.0 Profiles Specification, OASIS Standard, 01 Oct 2010 |
KMIP 1.1 Specification, OASIS Standard, 24 Jan 2013 |
KMIP 1.1 Profiles Specification, OASIS Standard, 24 Jan 2013 |
KMIP 1.2 Specification, OASIS Standard, 19 May 2015 |
KMIP 1.2 Profiles Specification, OASIS Standard, 19 May 2015 |
KMIP 1.3 Specification, OASIS Standard, 27 Dec 2016 |
KMIP 1.3 Profiles Specification, OASIS Standard, 27 Dec 2016 |
KMIP 1.3 Usage Guide, Committee Note Draft 01, 03 Dec 2015 |
KMIP 1.4 Specification, Committee Specification Draft 01, 09 March 2017 |
KMIP 1.4 Profiles Specification, Committee Specification Draft 01, 30 March 2017 |
KMIP 2.0 Specification, OASIS Standard, 31 October 2019 |
KMIP 2.0 Profiles Specification, OASIS Standard, 31 October 2019 |
KMIP 2.0 Test Cases, Committee Note01, 24 October2019 |
KMIP 2.1 Specification, Committee Specification Draft01, 12 December2019 |
KMIP 2.1 Profiles Specification, Committee Specification Draft 02 /Public Review Draft 01, 06 February 2020 |
P6R is an OASIS member and a contributing member of the
OASIS Key Management Interoperability Protocol (KMIP) Technical Commitee and of the OASIS PKCS 11 Technical Commitee.
Current Documentation
KSL 2018.1 Developers Guide
Licensing and Upgrades
Our "Develop Anywhere / Deploy Anywhere"™ License Highlights
- Per-product license, no per developer costs.
- Royalty free runtime. The DLLs can be redistributed royalty free with your product on any supported platforms.
- One license covers all platforms. No need to purchase a license for each platform.
- Site licenses are also available.
- Contact Sales for licensing options.
Our products and licenses are designed to enable you to develop, test and deploy your solutions on any platform or
platforms (that we support) without per-seat or per-platform restrictions.