Home  » Products  » SKC
SKC™ Secure KMIP Client
SKC™ enables the easy addition of KMIP based interoperable key management to your application.
  • Royalty Free License
  • Available for Windows™ | Linux™ | Linux™ ARM (with source license)
Please contact our sales team if you have any questions.

What's New

  • Many bug fixes and optimizations.
  • Java JNI and Python language bindings
  • GCC v5+ compiler support.
  • ARM processor Support (with source license).
The SKC™ SDK provides a full implementation of the OASIS KMIP 1.0, 1.1, 1.2, 1.3, 1.4, 2.0 and 2.1 standards. Online documentation and examples are available.
  • Layered, Interface Based C/C++ API
  • Java JNI and Python language bindings
  • PKCS11 v2.40 compliant C based API
  • Full Client Implementation (TTLV, XML and JSON).
  • Single API for All protocol flavors (TTLV, XML, and JSON)
  • Extensive Protocol Logging (TTLV, XML and JSON)
  • Suite B support.
  • Many New Examples (we are always adding more)
  • High level crypto API
  • Cross Platform/Single Codebase - Windows and Linux x86 - ARM (with source license)
  • Standards Compliant (see the Standards and Conformance tabs)
  • Support for KMIP put and notify.

Interoperability

P6R is committed to ensuring interoperability of its KMIP client SDK with all KMIP servers and we are continually working with server vendors to ensure interoperability. SKC has been tested and works with the following KMIP servers:
  • Cryptsoft C KMIP Server
  • Cryptsoft Java KMIP Server
  • Dell KMIP Server
  • Fornetix Key Orchestration Server
  • Hancom Secure KeyManager
  • KeyNexus Universal Key Manager
  • Kryptus kNET HSM
  • Microfocus ESKM Server (formerly HPE)
  • IBM SKLM Server
  • QuintessenceLabs qCrypt Server
  • SafeNet KeySecure Server
  • Thales KeyAuthority KMIP Server
  • Townsend Security Alliance Key Manager
  • Unbound UKC Server
  • Utimaco KeyServer
  • Vormetric Data Security Manager KMIP Server
  • StorMagic SvKMS

Layered API

The SKC™ SDK provides several different layers of abstraction, each building on the previous, enabling developers to use whichever layer or layers best suit their needs.

Layer 0 - Protocol Parser/Generator

This layer of the API provides full binary KMIP protocol message parsing and message generation. It is used to parse existing (already received) KMIP protocol messages or generate KMIP protocol message to be sent.

Layer 1 - Functional API

Layer 1 implements a slight higher level API that is more functional in nature, providing the base functionality for the various KMIP protocol interactions (connect to the server, create key, delete key, etc).

Layer 2 - DOM Tree

Layer 2 provides our DOM-tree API. Our DOM-tree has been enhanced to efficiently support binary data types. Utilizing a plugin it populates the DOM-tree with KMIP messages using the layer 1 APIs. Since a KMIP message is essentially a tree of nested structures this translation is straight forward. Once in the DOM tree, the data can be output in any supported format (XML, JSON, JsonML and a KMIP binary messages).

Layer 3 - XSLT/XPATH

This layer uses P6R's XSLT 2.0 and XPath 2.0 components. These components are now able to interact with the KMIP binary data in the DOM-tree, allowing it to be search, transformed, modified, etc using standard XSLT and XPath. For example, XSLT could be used to take just out part of a KMIP message, create a new message, or transform the entire message into yet another format (eg. SOAP or XML-RPC).

Full Client Implementation

The SKC™ SDK implements:
  • TTLV (Tag, Type, Length, Value) over SSL/TLS
  • TTLV over HTTPS
  • XML over HTTPS
  • JSON over HTTPS

KMIP 1.0 Operations Supported (both synchronous and asynchronous)

Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes, Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, and Server to Client operations: Notify, Put.

KMIP 1.1 Operations Supported (both synchronous and asynchronous):

Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, Re-key Key Pair, Discover Versions (synch only), and Server to Client operations: Notify, Put.

KMIP 1.2 Operations Supported (both synchronous and asynchronous):

Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, Re-key Key Pair, Discover Versions (synch only), Encrypt, Decrypt, Sign, Signature Verify, MAC, MAC Verify, RNG Retrieve, RNG Seed, Hash, Create Split Key, Join Split Key, and Server to Client operations: Notify, Put.

KMIP 1.3 Operations Supported (both synchronous and asynchronous):

Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate (extended), Check, Get, Get Attributes Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, Re-key Key Pair, Discover Versions (synch only), Encrypt (streaming/non-streaming), Decrypt (streaming/non-streaming), Sign (streaming/non-streaming), Signature Verify (streaming/non-streaming), MAC (streaming/non-streaming), MAC Verify (streaming/non-streaming), RNG Retrieve, RNG Seed, Hash (streaming/non-streaming), Create Split Key, Join Split Key, and Server to Client operations: Notify, Put, Discover Versions (new), Query (new)

KMIP 1.4 Operations Supported (both synchronous and asynchronous):

Create, Create Key Pair, Register, Re-key, Re-key Key Pair, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes, Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Discover Versions (synch only), Cancel, Poll, Encrypt (streaming/non-streaming), Decrypt (streaming/non-streaming), Sign (streaming/non-streaming), Signature Verify (streaming/non-streaming), MAC (streaming/non-streaming), MAC Verify (streaming/non-streaming), RNG Retrieve, RNG Seed, Hash (streaming/non-streaming), Create Split Key, Join Split Key, Export, import, and Server to Client operations: Notify, Put, Discover Versions, Query

Objects Supported: Certificate, Opaque Object, PGP Key, Private Key, Public Key, Secret Data, Split Key, Symmetric Key

KMIP 2.0 Operations Supported (both synchronous and asynchronous):

Create, Create Key Pair, Register, Re-key, Re-key Key Pair, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes, Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Discover Versions (synch only), Cancel, Poll, Encrypt (streaming/non-streaming), Decrypt (streaming/non-streaming), Sign (streaming/non-streaming), Signature Verify (streaming/non-streaming), MAC (streaming/non-streaming), MAC Verify (streaming/non-streaming), RNG Retrieve, RNG Seed, Hash (streaming/non-streaming), Create Split Key, Join Split Key, Export, Import, Adjust Attribute, Delegated Login, Interop, Log, Login, Logout, PKCS#11, Set Attribute, and Server to Client operations: Notify, Put, Discover Versions, Query

Objects Supported: Certificate, Certificate Request, Opaque Object, PGP Key, Private Key, Public Key, Secret Data, Split Key, Symmetric Key

KMIP 2.1 Operations Supported (both synchronous and asynchronous):

Create, Create Key Pair, Register, Re-key, Re-key Key Pair, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes, Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Discover Versions (synch only), Cancel, Poll, Encrypt (streaming/non-streaming), Decrypt (streaming/non-streaming), Sign (streaming/non-streaming), Signature Verify (streaming/non-streaming), MAC (streaming/non-streaming), MAC Verify (streaming/non-streaming), RNG Retrieve, RNG Seed, Hash (streaming/non-streaming), Create Split Key, Join Split Key, Export, Import, Adjust Attribute, Delegated Login, Interop, Log, Login, Logout, PKCS#11, Set Attribute, Get Constraints, Set Constraints, Set Defaults, Ping, Process, Query Asynchronous Requests, and Server to Client operations: Notify, Put, Discover Versions, Query

Objects Supported: Certificate, Certificate Request, Opaque Object, PGP Key, Private Key, Public Key, Secret Data, Split Key, Symmetric Key

Cryptographic Algorithms

  • DES
  • 3DES
  • AES
  • RSA
  • DSA
  • ECDSA
  • HMAC-SHA1
  • HMAC-SHA224
  • HMAC-SHA256
  • HMAC-SHA384
  • HMAC-SHA512
  • HMAC-MD5
  • DH
  • ECDH
  • ECMQV
  • Blowfish
  • Camellia
  • CAST5
  • IDEA
  • MARS
  • RC2
  • RC4
  • RC5
  • SKIPJACK
  • Twofish
  • EC
  • OneTimePad
  • ChaCha20
  • Poly1305
  • ChaCha20Poly1305
  • SHA3-224
  • SHA3-256
  • SHA3-384
  • SHA3-512
  • HMAC-SHA3-224
  • HMAC-SHA3-256
  • HMAC-SHA3-384
  • HMAC-SHA3-512
  • SHAKE-128
  • SHAKE-256
  • ARIA
  • SEED
  • SM2
  • SM3
  • SM4
  • GOST-R34.10_2012
  • GOST-R34.11_2012
  • GOST-R34.13_2015
  • GOST-28147-89
  • XMSS
  • SPHINCS-256
  • McEliece
  • McEliece-6960119
  • McEliece-8192128
  • Ed25519
  • Ed448

Supported Key Formats

  • Raw
  • Opaque
  • PKCS#1
  • PKCS#8
  • PKCS#12
  • X.509
  • Transparent ECDSA Private Key
  • Transparent ECDSA Public Key
  • Transparent ECDH Private Key
  • Transparent ECDH Public Key
  • Transparent ECMQV Private Key
  • Transparent ECMQV Public Key
  • Transparent Symmetric Key
  • Transparent DSA Public Key
  • Transparent DSA Private Key
  • Transparent RSA Public Key
  • Transparent RSA Private Key

Supported Platforms

SKC™ is currently supported on the following platforms:

  • Windows 10 (32bit/64bit), Windows Server 2016+ (32bit/64bit)
  • Linux x86 Kernel 2.6+ (32bit/64bit)
  • Linux ARM Kernel 2.6+ (32bit/64bit) (with source license)
  • FreeBSD 10 x86 (64bit)
Included in the SKC Secure KMIP Client SDK, is our PKCS11 library that meets the requirements for conformance of a PKCS 11 Extended Provider and Authentication Token (see PKCS11 Cryptographic Token Interface Profiles Version 2.40, 14-Apr-2015, OASIS Committee Specification 01). The library currently provides two tokens (The "KMIP" and "Keystore" tokens) and may be extended by customers to provide their own token types via a plugin interface.

The KMIP Token

This token uses the facilities of a remote KMIP server to implement the features of the PKCS 11 Version 2.40 API allowing developers familiar with PKCS11 to store their keys on a KMIP server without having to learn about the KMIP protocol or KMIP SDKs. Our PKCS11 library allows the definition of any number of KMIP tokens all pointing to the same or different KMIP servers.

The Keystore Software Token

This token uses P6Rs cryptographic API and local secure Keystore to implement the features of the PKCS 11 Version 2.40 API. Our PKCS11 library allows the definition of any number of Keystore software tokens where each token gets its own separate secure Keystore to manage PKCS 11 objects.

HSM Tokens

We have added tokens for these popular HSM's:
  • DocuSign ARX PrivateServer HSM
  • FutureX HSM
  • Utimaco Atalla HSM (Network Security Processor)
  • nCipher/Thales nShield Connect HSM
  • Utimaco CryptoServer HSM
  • AWS CloudHSM
Using our PKCS11 library which included as part of the SKC Secure KMIP Client SDK, your applications can now leverage these tokens to communicate with any of these HSM's.

PKCS11 Functions Implemented By The KMIP Token

  • C_Initialize
  • C_Finalize
  • C_GetInfo
  • C_GetFunctionList
  • C_GetSlotList
  • C_GetSlotInfo
  • C_GetTokenInfo
  • C_GetMechanismList
  • C_GetMechanismInfo
  • C_InitToken
  • C_InitPIN
  • C_SetPIN
  • C_OpenSession
  • C_CloseSession
  • C_CloseAllSessions
  • C_GetSessionInfo
  • C_Login
  • C_Logout
  • C_CreateObject
  • C_DestroyObject
  • C_GetAttributeValue
  • C_SetAttributeValue
  • C_FindObjectsInit
  • C_FindObjects
  • C_FindObjectsFinal
  • C_GenerateKey (not including domain parameters)
  • C_GenerateKeyPair
  • C_SeedRandom
  • C_GenerateRandom
  • C_SignInit
  • C_Sign
  • C_VerifyInit
  • C_Verify
  • C_EncryptInit
  • C_Encrypt
  • C_EncryptUpdate
  • C_EncryptFinal
  • C_DecryptInit
  • C_Decrypt
  • C_DecryptUpdate
  • C_DecryptFinal
  • C_DigestInit
  • C_Digest
  • C_DigestUpdate
  • C_DigestKey
  • C_DigestFinal
  • C_WrapKey
  • C_UnwrapKey (if the KMIP server supports unwrapping)

PKCS11 Functions Implemented By The Keystore Token

  • C_Initialize
  • C_Finalize
  • C_GetInfo
  • C_GetFunctionList
  • C_GetSlotList
  • C_GetSlotInfo
  • C_GetTokenInfo
  • C_GetMechanismList
  • C_GetMechanismInfo
  • C_InitToken
  • C_InitPIN
  • C_SetPIN
  • C_OpenSession
  • C_FindObjectsFinal
  • C_CloseSession
  • C_CloseAllSessions
  • C_GetSessionInfo
  • C_Login
  • C_Logout
  • C_CreateObject
  • C_DestroyObject
  • C_GetAttributeValue
  • C_SetAttributeValue
  • C_FindObjectsInit
  • C_FindObjects
  • C_FindObjectsFinal
  • C_GenerateKey (not including domain parameters)
  • C_GenerateKeyPair
  • C_GenerateRandom
  • C_SignInit
  • C_Sign
  • C_VerifyInit
  • C_Verify
  • C_EncryptInit
  • C_Encrypt
  • C_EncryptUpdate
  • C_EncryptFinal
  • C_DecryptInit
  • C_Decrypt
  • C_DecryptUpdate
  • C_DecryptFinal
  • C_DigestInit
  • C_Digest
  • C_DigestUpdate
  • C_DigestFinal
The SKC KMIP Client SDK follows the standards defined in these documents.
The OASIS Key management Interoperability Protocol (KMIP) defines a single, comprehensive protocol for communication between encryption systems and a broad range of new and legacy enterprise applications, including email, databases, and storage devices. Go to OASIS Key Management Interoperability Protocol (KMIP) Technical Committee to learn more about the KMIP standard.
OASIS PKCS #11 is a standard for cryptographic tokens controlling authentication information (personal identity, cryptographic keys, certificates, digital signatures, biometric data). Go to OASIS PKCS #11 Technical Committee to learn more about the PKCS #11 standard.

Standards Reference Documents

KMIP 1.0 Specification, OASIS Standard, 01 Oct 2010
KMIP 1.0 Profiles Specification, OASIS Standard, 01 Oct 2010
KMIP 1.1 Specification, OASIS Standard, 24 Jan 2013
KMIP 1.1 Profiles Specification, OASIS Standard, 24 Jan 2013
KMIP 1.2 Specification, OASIS Standard, 19 May 2015
KMIP 1.2 Profiles Specification, OASIS Standard, 19 May 2015
KMIP 1.3 Specification, OASIS Standard, 27 Dec 2016
KMIP 1.3 Profiles Specification, OASIS Standard, 27 Dec 2016
KMIP 1.3 Usage Guide, Committee Note Draft 01, 03 Dec 2015
KMIP 1.4 Specification, OASIS Standard, 22 November 2017
KMIP 2.0 Specification, OASIS Standard, 31 October 2019
KMIP 2.0 Profiles Specification, OASIS Standard, 31 October 2019
KMIP 2.0 Test Cases, Committee Note01, 24 October2019
KMIP 2.1 Specification, Committee Specification Draft01, 12 December2019
KMIP 2.1 Profiles Specification, Committee Specification Draft 02 /Public Review Draft 01, 06 February 2020
KMIP 1.4 Profiles Specification, Committee Specification Draft 01, 30 March 2017
PKCS#11 Cryptographic Token Interface Base Specification Version 2.40, OASIS Standard, 14 April 2015
PKCS#11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40, Committee Specification 01, 16 Sept 2014
PKCS#11 Cryptographic Token Interface Historical Mechanisms Specification Version 2.40
PKCS#11 Cryptographic Token Interface Profiles Version 2.40, OASIS Standard, 14 April 2015
PKCS#11 Cryptographic Token Interface Usage Guide Version 2.40, Committee Note 02, 16 Nov 2014
PKCS#11 Cryptographic Token Interface Base Specification Version 2.40 Errata 01, 13 May 2016
The SKC™ Secure KMIP Client SDK conforms to the following standard defined test cases using Tag Type Length Value (TTLV), XML, and JSON message encodings for all tests.

Supported KMIP Profiles

Profile
Baseline Client Basic KMIP V1.2
Baseline Client TLS V1.2 KMIP V1.2
Tape Library Client KMIP V1.0
Tape Library Client KMIP V1.1
Tape Library Client KMIP V1.2
Symmetric Key Lifecycle Client KMIP V1.0
Symmetric Key Lifecycle Client KMIP V1.1
Symmetric Key Lifecycle Client KMIP V1.2
Asymmetric Key Lifecycle Client KMIP V1.0
Asymmetric Key Lifecycle Client KMIP V1.1
Asymmetric Key Lifecycle Client KMIP V1.2
Basic Cryptographic Client KMIP V1.2
Advanced Cryptographic Client KMIP V1.2
RNG Cryptographic Client KMIP V1.2
Basic Symmetric Key Foundry Client KMIP V1.0
Intermediate Symmetric Key Foundry Client KMIP V1.0
Advanced Symmetric Key Foundry Client KMIP V1.0
Basic Symmetric Key Foundry Client KMIP V1.1
Intermediate Symmetric Key Foundry Client KMIP V1.1
Advanced Symmetric Key Foundry Client KMIP V1.1
Basic Symmetric Key Foundry Client KMIP V1.2
Intermediate Symmetric Key Foundry Client KMIP V1.2
Advanced Symmetric Key Foundry Client KMIP V1.2
Opaque Managed Object Store Client KMIP V1.0
Opaque Managed Object Store Client KMIP V1.1
Opaque Managed Object Store Client KMIP V1.2
Suite B MinLOS 128 Client KMIP V1.0
Suite B MinLOS 128 Client KMIP V1.1
Suite B MinLOS 128 Client KMIP V1.2
Suite B MinLOS 192 Client KMIP V1.0
Suite B MinLOS 192 Client KMIP V1.1
Suite B MinLOS 192 Client KMIP V1.2
Storage Array With Self Encrypting Drive Client KMIP V1.0
Storage Array With Self Encrypting Drive Client KMIP V1.1
Storage Array With Self Encrypting Drive Client KMIP V1.2
HTTPS Client KMIP V1.0
HTTPS Client KMIP V1.1
HTTPS Client KMIP V1.2
JSON Client KMIP V1.0
JSON Client KMIP V1.1
JSON Client KMIP V1.2
XML Client KMIP V1.0
XML Client KMIP V1.1
XML Client KMIP V1.2
Baseline Client Basic KMIP V1.3
Baseline Client TLS V1.2 KMIP V1.3
Tape Library Client KMIP V1.3
Symmetric Key Lifecycle Client KMIP V1.3
Asymmetric Key Lifecycle Client KMIP V1.3
Basic Cryptographic Client KMIP V1.3
Advanced Cryptographic Client KMIP V1.3
RNG Cryptographic Client KMIP V1.3
Basic Symmetric Key Foundry Client KMIP V1.3
Intermediate Symmetric Key Foundry Client KMIP V1.3
Advanced Symmetric Key Foundry Client KMIP V1.3
Opaque Managed Object Store Client KMIP V1.3
Suite B minLOS 128 Client KMIP V1.3
Suite B minLOS 192 Client KMIP V1.3
Storage Array With Self Encrypting Drive Client KMIP V1.3
HTTPS Client KMIP V1.3
JSON Client KMIPV 1.3
XML Client KMIP V1.3
Baseline Client Basic KMIP V1.4
Baseline Client TLS V1.2 KMIP V1.4
Tape Library Client KMIP V1.4
Symmetric Key Lifecycle Client KMIP V1.4
Asymmetric Key Lifecycle Client KMIP V1.4
Basic Cryptographic Client KMIP V1.4
Advanced Cryptographic Client KMIP V1.4
RNG Cryptographic Client KMIP V1.4
Basic Symmetric Key Foundry Client KMIP V1.4
Intermediate Symmetric Key Foundry Client KMIP V1.4
Advanced Symmetric Key Foundry Client KMIP V1.4
Opaque Managed Object Store Client KMIP V1.4
Suite B minLOS 128 Client KMIP V1.4
Suite B minLOS 192 Client KMIP V1.4
Storage Array With Self Encrypting Drive Client KMIP V1.4
HTTPS Client KMIP V1.4
JSON Client KMIP V1.4
XML Client KMIP V1.4

KMIP Version 1.0 Test Cases Supported

Test CaseDescription
TC-311-10Create / Destroy
TC-312-10Register / Create / Get attributes / Destroy
TC-313-10Create / Locate / Get / Destroy
TC-314-10Dual Client Test Case, ID Placeholder-linked Locate & Get Batch
TC-315-10Register / Destroy Secret Data
TC-32-10Asynchronous Locate
TC-41-10Revoke Scenario
TC-51-10Get Usage Allocation Scenario
TC-61-10Import of a Third-party Key
TC-71-10Unrecognized Message Extension with Criticality Indicator False
TC-72-10Unrecognized Message Extension with Criticality Indicator True
TC-81-10Create a Key Pair
TC-82-10Register Both Halves of a Key Pair
TC-91-10Create a Key, Re-key
TC-92-10Existing Key Expired, Re-key with Same Life-cycle
TC-93-10Existing Key Compromised, Re-key with Same Life-cycle
TC-94-10Create Key, Re-key with New Life-cycle
TC-95-10Obtain Lease for Expired Key
TC-101-10Create a Key, Archive and Recover it
TC-111-10Credential, Operation Policy, Destroy Date
TC-121-10Query, Maximum Response Size
TC-131-10Register an Asymmetric Key Pair in PKCS1 Format
TC-132-10Register an Asymmetric Key Pair and a Corresponding X509 Certificate
TC-134-10Register Key Pair, Certify and Re-certify Public Key
TC-NP-1-10Put
TC-NP-2-10Notify & Put
TC-ECC-1-10Register an ECC Key Pai
TC-ECC-2-10Register an ECC Key Pair in PKCS8 Format
TC-ECC-3-10Register an ECC Key Pair and ECDSA Certificate
TC-DERIVEKEY-1-10Derive Symmetric Key HASH
TC-DERIVEKEY-2-10Derive Symmetric Key HMAC
TC-DERIVEKEY-3-10Derive Symmetric Key with secret data
TC-DERIVEKEY-4-10Derive Symmetric Key with secret data
TC-DERIVEKEY-5-10Derive Symmetric Key with secret data
TC-REKEY-1-10Rekey multiple times
TC-AESXTS-1-10Two key encryption
TC-I18N-1-10Unicode characters in attributes values
TC-I18N-2-10Unicode characters in attributes values
TC-I18N-3-10Unicode characters in attributes values and custom attribute names
TC-AESXTS-1-10Two key encryption
TC-I18N-1-10UTF8 character in attribute
TC-I18N-2-10UTF8 character in attribute
TC-I18N-3-10UTF8 character in attribute
TC-REKEY-1-10Rekey multiple times
TC-DERIVEKEY-1-10Derive Symmetric Key
TC-DERIVEKEY-2-10Derive Symmetric Key
TC-DERIVEKEY-3-10Derive Symmetric Key
TC-DERIVEKEY-4-10Derive Symmetric Key
TC-DERIVEKEY-5-10Derive Symmetric Key

KMIP Version 1.0 Symmetric Key Lifecycle Profile

Test CaseDescription
SKLC-M-1-10Create, GetAttributes, Destroy
SKLC-M-2-10Create, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
SKLC-M-3-10Create, GetAttributes, Activate, GetAttributes, ModifyAttribute, Revoke, GetAttributes, Destroy
SKLC-O-1-10Create, GetAttributes, Destroy, GetAttributes

KMIP Version 1.0 Symmetric Key Foundry for FIPS 140-2 Profile

Test CaseDescription
SKFF-M-1-10 Create, Destroy AES-128
SKFF-M-2-10 Create, Destroy AES-192
SKFF-M-3-10 Create, Destroy AES-256
SKFF-M-4-10 Create, Destroy DES3-168
SKFF-M-5-10 Create, Locate, Get, Destroy, Locate AES-128
SKFF-M-6-10 Create, Locate, Get, Destroy, Locate AES-192
SKFF-M-7-10 Create, Locate, Get, Destroy, Locate AES-256
SKFF-M-8-10 Create, Locate, Get, Destroy, Locate DES3-168
SKFF-M-9-10 Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-128
SKFF-M-10-10 Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-192
SKFF-M-11-10 Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-256
SKFF-M-12-10 Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-168
SKFF-O-1-10 Create, Destroy SKIPJACK-80
SKFF-O-2-10 Create, Locate, Get, Destroy, Locate SKIPJACK-80
SKFF-O-3-10 Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy SKIPJACK-80
SKFF-O-4-10 Create, Destroy DES3-112
SKFF-O-5-10 Create, Locate, Get, Destroy, Locate DES3-112
SKFF-O-6-10 Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-112

KMIP Version 1.0 Asymmetric Key Lifecycle Profile Supported

Test CaseDescription
AKLC-M-1-10CreateKeyPair, GetAttributes, GetAttributes, Destroy
AKLC-M-2-10CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-M-3-10CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-O-1-10CreateKeyPair, GetAttributes, Destroy, GetAttributes

KMIP Version 1.0 Opaque Managed Object Store Profile

Test CaseDescription
OMOS-M-1-10Register small opaque objecty
OMOS-O-1-10Register large (>10k) opaque objecty

KMIP Version 1.0 KMIP Tape Library Profile Version 1.0

Test CaseDescription
TL-M-1-10Configuration
TL-M-2-10Write with new (created) key
TL-M-3-10Read an encrypted tape

KMIP Version 1.0 Key Management Interoperability Protocol Storage Array with Self-Encrypting Drives Profile Version 1.0

Test CaseDescription
SASED-M-1-10Configuration
SASED-M-2-10Register the authentication key
SASED-M-3-10Retrieve Authentication Key

SEPATON Profile Version 1.0

Test CaseDescription
SEPATON-1-10Query
SEPATON-2-10Locate, Create
SEPATON-3-10Locate, Get, GetAttributes, Activate, GetAttributes

KMIP Version 1.1 Test Cases Supported

Test CaseDescription
TC-311-11Create / Destroy
TC-312-11Register / Create / Get attributes / Destroy
TC-313-11Create / Locate / Get / Destroy
TC-314-11Dual Client Test Case, ID Placeholder-linked Locate & Get Batch
TC-315-11Register / Destroy Secret Data
TC-32-11Asynchronous Locate
TC-41-11Revoke Scenario
TC-51-11Get Usage Allocation Scenario
TC-61-11Import of a Third-party Key
TC-71-11Unrecognized Message Extension with Criticality Indicator False
TC-72-11Unrecognized Message Extension with Criticality Indicator True
TC-81-11Create a Key Pair
TC-82-11Register Both Halves of a Key Pair
TC-91-11Create a Key, Re-key
TC-92-11Existing Key Expired, Re-key with Same Life-cycle
TC-93-11Existing Key Compromised, Re-key with Same Life-cycle
TC-94-11Create Key, Re-key with New Life-cycle
TC-95-11Obtain Lease for Expired Key
TC-101-11Create a Key, Archive and Recover it
TC-111-11Credential, Operation Policy, Destroy Date
TC-112-11Device Credential, Operation Policy, Destroy Date
TC-121-11Query, Maximum Response Size
TC-122-11Query Vendor Extensions
TC-131-11Register an Asymmetric Key Pair in PKCS1 Format
TC-132-11Register an Asymmetric Key Pair and a Corresponding X509 Certificate
TC-133-11Create, Re-key Key Pair
TC-134-11Register Key Pair, Certify and Re-certify Public Key
TC-141-11Key Wrapping using AES Key Wrap and No Encoding
TC-142-11Key Wrapping using AES Key Wrap with Attributes
TC-151-11Locate a Fresh Object from the Default Group
TC-152-11Client-side Group Management
TC-153-11Default Object Group Member
TC-161-11Discover Versions
TC-171-11Handling of Attributes and Attribute Index Values
TC-181-11Digests of Symmetric Keys
TC-182-11Digests of RSA Private Keys
TC-NP-1-11Put
TC-NP-2-11Notify & Put
TC-ECC-1-11Register an ECC Key Pair
TC-ECC-2-11Register an ECC Key Pair in PKCS8 Format
TC-ECC-3-11Register an ECC Key Pair and ECDSA Certificate
TC-DERIVEKEY-1-11Derive Symmetric Key HASH
TC-DERIVEKEY-2-11Derive Symmetric Key HMAC
TC-DERIVEKEY-3-11Derive Symmetric Key with secret data
TC-DERIVEKEY-4-11Derive Symmetric Key with secret data
TC-DERIVEKEY-5-11Derive Symmetric Key with secret data
TC-REKEY-1-11Rekey multiple times
TC-AESXTS-1-11Two key encryption
TC-I18N-1-11Unicode characters in attributes values
TC-I18N-2-11Unicode characters in attributes values
TC-I18N-3-11Unicode characters in attributes values and custom attribute names
TC-AESXTS-1-11Two key encryption
TC-I18N-1-11UTF8 character in attribute
TC-I18N-2-11UTF8 character in attribute
TC-I18N-3-11UTF8 character in attribute
TC-REKEY-1-11Rekey multiple times
TC-DERIVEKEY-1-11Derive Symmetric Key
TC-DERIVEKEY-2-11Derive Symmetric Key
TC-DERIVEKEY-3-11Derive Symmetric Key
TC-DERIVEKEY-4-11Derive Symmetric Key
TC-DERIVEKEY-5-11Derive Symmetric Key

KMIP Version 1.1 - Symmetric Key Lifecycle Profile

Test CaseDescription
SKLC-M-1-11Create, GetAttributes, Destroy
SKLC-M-2-11Create, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
SKLC-M-3-11Create, GetAttributes, Activate, GetAttributes, ModifyAttribute, Revoke, GetAttributes, Destroy
SKLC-O-1-11Create, GetAttributes, Destroy, GetAttributes

KMIP Version 1.1 - Symmetric Key Foundry for FIPS 140-2 Profile

Test CaseDescription
SKFF-M-1-11Create, Destroy AES-128
SKFF-M-2-11Create, Destroy AES-192
SKFF-M-3-11Create, Destroy AES-256
SKFF-M-4-11Create, Destroy DES3-168
SKFF-M-5-11Create, Locate, Get, Destroy, Locate AES-128
SKFF-M-6-11Create, Locate, Get, Destroy, Locate AES-192
SKFF-M-7-11Create, Locate, Get, Destroy, Locate AES-256
SKFF-M-8-11Create, Locate, Get, Destroy, Locate DES3-168
SKFF-M-9-11Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-128
SKFF-M-10-11Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-192
SKFF-M-11-11Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-256
SKFF-M-12-11Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-168
SKFF-O-1-11Create, Destroy SKIPJACK-80
SKFF-O-2-11Create, Locate, Get, Destroy, Locate SKIPJACK-80
SKFF-O-3-11Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy SKIPJACK-80
SKFF-O-4-11Create, Destroy DES3-112
SKFF-O-5-11Create, Locate, Get, Destroy, Locate DES3-112
SKFF-O-6-11Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-112

KMIP Version 1.1 - Asymmetric Key Lifecycle Profile Supported

Test CaseDescription
AKLC-M-1-11CreateKeyPair, GetAttributes, GetAttributes, Destroy
AKLC-M-2-11CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-M-3-11CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-O-1-11CreateKeyPair, GetAttributes, Destroy, GetAttributes

KMIP Version 1.1 - KMIP Opaque Managed Object Store Profile

Test CaseDescription
OMOS-M-1-11Register small opaque object
OMOS-O-1-11Register large (>10k) opaque object

KMIP Version 1.1 - KMIP Tape Library Profile Version 1.0

Test CaseDescription
TL-M-1-11Configuration
TL-M-2-11Write with new (created) key
TL-M-3-11Read an encrypted tape

KMIP Version 1.1 - Key Management Interoperability Protocol Storage Array with Self-Encrypting Drives Profile Version 1.0

Test CaseDescription
SASED-M-1-11Configuration
SASED-M-2-11Register the authentication key
SASED-M-3-11Retrieve Authentication Key

KMIP Version 1.2 Test Cases Supported

Test CaseDescription
TC-311-12Create / Destroy
TC-312-12Register / Create / Get attributes / Destroy
TC-313-12Create / Locate / Get / Destroy
TC-314-12Dual Client Test Case, ID Placeholder-linked Locate & Get Batch
TC-315-12Register / Destroy Secret Data
TC-32-12Asynchronous Locate
TC-41-12Revoke Scenario
TC-51-12Get Usage Allocation Scenario
TC-61-12Import of a Third-party Key
TC-71-12Unrecognized Message Extension with Criticality Indicator False
TC-72-12Unrecognized Message Extension with Criticality Indicator True
TC-81-12Create a Key Pair
TC-82-12Register Both Halves of a Key Pair
TC-91-12Create a Key, Re-key
TC-92-12Existing Key Expired, Re-key with Same Life-cycle
TC-93-12Existing Key Compromised, Re-key with Same Life-cycle
TC-94-12Create Key, Re-key with New Life-cycle
TC-95-12Obtain Lease for Expired Key
TC-101-12Create a Key, Archive and Recover it
TC-111-12Credential, Operation Policy, Destroy Date
TC-112-12Device Credential, Operation Policy, Destroy Date
TC-121-12Query, Maximum Response Size
TC-122-12Query Vendor Extensions
TC-131-12Register an Asymmetric Key Pair in PKCS1 Format
TC-132-12Register an Asymmetric Key Pair and a Corresponding X509 Certificate
TC-133-12Create, Re-key Key Pair
TC-134-12Register Key Pair, Certify and Re-certify Public Key
TC-141-12Key Wrapping using AES Key Wrap and No Encoding
TC-142-12Key Wrapping using AES Key Wrap with Attributes
TC-151-12Locate a Fresh Object from the Default Group
TC-152-12Client-side Group Management
TC-153-12Default Object Group Member
TC-161-12Discover Versions
TC-171-12Handling of Attributes and Attribute Index Values
TC-181-12Digests of Symmetric Keys
TC-182-12Digests of RSA Private Keys
TC-PGP-1-12Register PGP Key - RSA
TC-MDO-1-12Register MDO Key
TC-MDO-2-12Locate MDO keys by Key Value Present
TC-MDO-3-12Register MDO Key using PKCS11 URI
TC-SJ-1-12Create and Split/Join
TC-SJ-2-12Register and Split / Join
TC-SJ-3-12Join Split Keys
TC-SJ-4-12Register and Split / Join with XOR
TC-NP-1-12Put
TC-NP-2-12Notify & Put
TC-ECC-1-12Register an ECC Key Pair
TC-ECC-2-12Register an ECC Key Pair in PKCS8 Format
TC-ECC-3-12Register an ECC Key Pair and ECDSA Certificate
TC-DERIVEKEY-1-12Derive Symmetric Key HASH
TC-DERIVEKEY-2-12Derive Symmetric Key HMAC
TC-DERIVEKEY-3-12Derive Symmetric Key with secret data
TC-DERIVEKEY-4-12Derive Symmetric Key with secret data
TC-DERIVEKEY-5-12Derive Symmetric Key with secret data
TC-REKEY-1-12Rekey multiple times
TC-AESXTS-1-12Two key encryption
TC-I18N-1-12Unicode characters in attributes values
TC-I18N-2-12Unicode characters in attributes values
TC-I18N-3-12Unicode characters in attributes values and custom attribute names
TC-AESXTS-1-12Two key encryption
TC-I18N-1-12UTF8 character in attribute
TC-I18N-2-12UTF8 character in attribute
TC-I18N-3-12UTF8 character in attribute
TC-REKEY-1-12Rekey multiple times
TC-DERIVEKEY-1-12Derive Symmetric Key
TC-DERIVEKEY-2-12Derive Symmetric Key
TC-DERIVEKEY-3-12Derive Symmetric Key
TC-DERIVEKEY-4-12Derive Symmetric Key
TC-DERIVEKEY-5-12Derive Symmetric Key

KMIP Version 1.2 - Symmetric Key Lifecycle Profile

Test CaseDescription
SKLC-M-1-12Create, GetAttributes, Destroy
SKLC-M-2-12Create, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
SKLC-M-3-12Create, GetAttributes, Activate, GetAttributes, ModifyAttribute, Revoke, GetAttributes, Destroy
SKLC-O-1-12Create, GetAttributes, Destroy, GetAttributes

KMIP Version 1.2 - Symmetric Key Foundry for FIPS 140-2 Profile

Test CaseDescription
SKFF-M-1-12Create, Destroy AES-128
SKFF-M-2-12Create, Destroy AES-192
SKFF-M-3-12Create, Destroy AES-256
SKFF-M-4-12Create, Destroy DES3-168
SKFF-M-5-12Create, Locate, Get, Destroy, Locate AES-128
SKFF-M-6-12Create, Locate, Get, Destroy, Locate AES-192
SKFF-M-7-12Create, Locate, Get, Destroy, Locate AES-256
SKFF-M-8-12Create, Locate, Get, Destroy, Locate DES3-168
SKFF-M-9-12Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-128
SKFF-M-10-12Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-192
SKFF-M-11-12Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-256
SKFF-M-12-12Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-168
SKFF-O-1-12Create, Destroy SKIPJACK-80
SKFF-O-2-12Create, Locate, Get, Destroy, Locate SKIPJACK-80
SKFF-O-3-12Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy SKIPJACK-80
SKFF-O-4-12Create, Destroy DES3-112
SKFF-O-5-12Create, Locate, Get, Destroy, Locate DES3-112
SKFF-O-6-12Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-112

KMIP Version 1.2 - Asymmetric Key Lifecycle Profile Supported

Test CaseDescription
AKLC-M-1-12CreateKeyPair, GetAttributes, GetAttributes, Destroy
AKLC-M-2-12CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-M-3-12CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-O-1-12CreateKeyPair, GetAttributes, Destroy, GetAttributes

KMIP Version 1.2 - KMIP Opaque Managed Object Store Profile

Test CaseDescription
OMOS-M-1-12Register small opaque object
OMOS-O-1-12Register large (>10k) opaque object

KMIP Version 1.2 - KMIP Tape Library Profile Version 1.0

Test CaseDescription
TL-M-1-12Configuration
TL-M-2-12Write with new (created) key
TL-M-3-12Read an encrypted tape

KMIP Version 1.2 - Key Management Interoperability Protocol Storage Array with Self-Encrypting Drives Profile Version 1.0

Test CaseDescription
SASED-M-1-12Configuration
SASED-M-2-12Register the authentication key
SASED-M-3-12Retrieve Authentication Key

KMIP Version 1.2 - KMIP Cryptographic Services Profile Supported

Test CaseDescription
CS-BC-M-1-12Encrypt with New Symmetric Key
CS-BC-M-2-12Decrypt with New Symmetric Key
CS-BC-M-3-12Encrypt and Decrypt with New Symmetric Key
CS-BC-M-4-12Encrypt with Known Symmetric Key
CS-BC-M-5-12Decrypt with Known Symmetric Key
CS-BC-M-6-12Encrypt and Decrypt with Known Symmetric Key
CS-BC-M-7-12Encrypt with Known Symmetric Key with Usage Limits
CS-BC-M-8-12Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding
CS-BC-M-9-12Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding
CS-BC-M-10-12Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC
CS-BC-M-11-12Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and IV
CS-BC-M-12-12Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and IV
CS-BC-M-13-12Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and Random IV
CS-BC-M-14-12Encrypt and Decrypt with Known Symmetric Key Date Checks
CS-RNG-M-1-12RNG Retrieve
CS-RNG-O-1-12Seed RNG with Server Accept
CS-RNG-O-2-12Seed RNG with Server Partial Acceptt
CS-RNG-O-3-12Seed RNG with Server Ignoret
CS-RNG-O-4-12Seed RNG with Server Denyt
CS-AC-M-1-12Sign with Known Asymmetric Key
CS_AC-M-2-12Signature Verify with Known Asymmetric Key
CS-AC-M-3-12Sign and Signature Verify with Known Asymmetric Key
CS-AC-M-4-12MAC with Known Key
CS_AC-M-5-12MAC Verify with Known Key
CS-AC-M-6-12MAC and MAC Verify with Known Key
CS-AC-M-7-12Hash
CS-AC-M-8-12Sign and Signature Verify with Known Asymmetric Key Date Checks

KMIP 1.0, 1.1, 1.2 and 1.3 - KMIP Additional Message Encodings Supported

Test CaseDescription
MSGENC-HTTPS-1-10HTTPS POST: Query, Maximum Response Size
MSGENC-XML-1-10Message Encoding XML: Query, Maximum Response Size (In addition, we have run all above test cases in XML mode.)
MSGENC-JSON-1-10Message Encoding JSON: Query, Maximum Response Size (In addition, we have run all above test cases in JSON mode.)

KMIP 1.0, 1.1, 1.2, and 1.3 - KMIP Suite B Profile Version 1.0

Test CaseDescription
SUITEB_128-M-1-10 Query
SUITEB_192-M-1-10 Query
SUITEB_128-M-1-11 Query
SUITEB_192-M-1-11 Query
SUITEB_128-M-1-12 Query
SUITEB_192-M-1-12 Query

KMIP Version 1.3 Test Cases Supported

Test CaseDescription
TC-CREG-2-13Retrieve Initial Client Credentials
TC-OTP-1-13One Time Pad support
TC-OTP-2-13One Time Pad support
TC-OTP-3-13One Time Pad support
TC-OTP-4-13One Time Pad support
TC-Q-CAP-1-13Query Server Capabilities
TC-Q-CAP-2-13Query Server Capabilities
TC-Q-CREG_1-13Query Server Client Registration Methods
TC-Q-PROF-1-13Query Server supported profiles
TC-Q-PROF-2-13Query Server supported profiles
TC-Q-PROF-3-13Query Server supported profiles
TC-Q-RNGS-1-13Query Server supported RNG
TC-Q-RNGS-2-13Query Server supported RNG
TC-Q-RNGS-3-13Query Server supported RNG
TC-Q-RNGS-4-13Query Server supported RNG
TC-Q-RNGS-5-13Query Server supported RNG
TC-Q-S2C-1-13Server to Client Query client capabilities
TC-Q-S2C-2-13Server to Client Query client supported KMIP protocol versions
TC-Q-S2C-PROF-1-13Server to Client Query client supported profiles
TC-Q-S2C-PROF-2-13Server to Client Query client supported profiles
TC-Q-VAL-1-13Query Server Validations
TC-Q-VAL-2-13Query Server Validations
TC-RNG-ATTR-1-13Register / Get Attributes / Destroy
TC-RNG-ATTR-2-13Register / Get Attributes / Destroy
TC-STREAM-HASH-1-13Streaming) Hash
TC-STREAM-HASH-2-13Streaming) Hash
TC-STREAM-HASH-3-13Streaming) Hash
TC-STREAM-ENC-1-13Streaming) Encrypt with New Symmetric Key
TC-STREAM-ENC-2-13Streaming) Encrypt with Known Symmetric Key
TC-STREAM-ENCDEC-1-13Streaming) Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC
TC-OFFSET-1-13Locate with offset
TC-OFFSET-2-13Locate with offset
TC-DERIVEKEY-1-13Derive Symmetric Key HASH
TC-DERIVEKEY-2-13Derive Symmetric Key HMAC
TC-DERIVEKEY-3-13Derive Symmetric Key with secret data
TC-DERIVEKEY-4-13Derive Symmetric Key with secret data
TC-DERIVEKEY-5-13Derive Symmetric Key with secret data
TC-REKEY-1-13Rekey multiple times
TC-AESXTS-1-13Two key encryption
TC-I18N-1-13Unicode characters in attributes values
TC-I18N-2-13Unicode characters in attributes values
TC-I18N-3-13Unicode characters in attributes values and custom attribute names
TC-AESXTS-1-13Two key encryption
TC-OTP-5-13One Time Pad support
TC-I18N-1-13UTF8 character in attribute
TC-I18N-2-13UTF8 character in attribute
TC-I18N-3-13UTF8 character in attribute
TC-REKEY-1-13Rekey multiple times
TC-DERIVEKEY-1-13Derive Symmetric Key
TC-DERIVEKEY-2-13Derive Symmetric Key
TC-DERIVEKEY-3-13Derive Symmetric Key
TC-DERIVEKEY-4-13Derive Symmetric Key
TC-DERIVEKEY-5-13Derive Symmetric Key

KMIP Version 1.3 - Asymmetric Key Lifecycle Profile Supported

Test CaseDescription
AKLC-M-1-13CreateKeyPair, GetAttributes, GetAttributes, Destroy
AKLC-M-2-13CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-M-3-13CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-O-1-13CreateKeyPair, GetAttributes, Destroy, GetAttributes

KMIP Version 1.3 - KMIP Opaque Managed Object Store Profile

Test CaseDescription
OMOS-M-1-13Register small opaque object
OMOS-O-1-13Register large (>10k) opaque object

KMIP Version 1.3 - KMIP Tape Library Profile Version 1.0

Test CaseDescription
TL-M-1-13Configuration
TL-M-2-13Write with new (created) key
TL-M-3-13Read an encrypted tape

KMIP Version 1.3 - Symmetric Key Foundry for FIPS 140-2 Profile

Test CaseDescription
SKFF-M-1-13Create, Destroy AES-128
SKFF-M-2-13Create, Destroy AES-192
SKFF-M-3-13Create, Destroy AES-256
SKFF-M-4-13Create, Destroy DES3-168
SKFF-M-5-13Create, Locate, Get, Destroy, Locate AES-128
SKFF-M-6-13Create, Locate, Get, Destroy, Locate AES-192
SKFF-M-7-13Create, Locate, Get, Destroy, Locate AES-256
SKFF-M-8-13Create, Locate, Get, Destroy, Locate DES3-168
SKFF-M-9-13Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-128
SKFF-M-10-13Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-192
SKFF-M-11-13Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-256
SKFF-M-12-13Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-168
SKFF-O-1-13Create, Destroy SKIPJACK-80
SKFF-O-2-13Create, Locate, Get, Destroy, Locate SKIPJACK-80
SKFF-O-3-13Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy SKIPJACK-80
SKFF-O-4-13Create, Destroy DES3-112
SKFF-O-5-13Create, Locate, Get, Destroy, Locate DES3-112
SKFF-O-6-13Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-112

KMIP Version 1.3 - Symmetric Key Lifecycle Profile

Test CaseDescription
SKLC-M-1-13Create, GetAttributes, Destroy
SKLC-M-2-13Create, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
SKLC-M-3-13Create, GetAttributes, Activate, GetAttributes, ModifyAttribute, Revoke, GetAttributes, Destroy
SKLC-O-1-13Create, GetAttributes, Destroy, GetAttributes

KMIP Version 1.3 - Key Management Interoperability Protocol Storage Array with Self-Encrypting Drives Profile Version 1.0

Test CaseDescription
SASED-M-1-13Configuration
SASED-M-2-13Register the authentication key
SASED-M-3-13Retrieve Authentication Key

KMIP Version 1.3 - KMIP Cryptographic Services Profile Supported

Test CaseDescription
CS-BC-M-1-13Encrypt with New Symmetric Key
CS-BC-M-2-13Decrypt with New Symmetric Key
CS-BC-M-3-13Encrypt and Decrypt with New Symmetric Key
CS-BC-M-4-13Encrypt with Known Symmetric Key
CS-BC-M-5-13Decrypt with Known Symmetric Key
CS-BC-M-6-13Encrypt and Decrypt with Known Symmetric Key
CS-BC-M-7-13Encrypt with Known Symmetric Key with Usage Limits
CS-BC-M-8-13Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding
CS-BC-M-9-13Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding
CS-BC-M-10-13Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC
CS-BC-M-11-13Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and IV
CS-BC-M-12-13Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and IV
CS-BC-M-13-13Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and Random IV
CS-BC-M-14-13Encrypt and Decrypt with Known Symmetric Key Date Checks
CS-RNG-M-1-13RNG Retrieve
CS-RNG-O-1-13Seed RNG with Server Accept
CS-RNG-O-2-13Seed RNG with Server Partial Acceptt
CS-RNG-O-3-13Seed RNG with Server Ignoret
CS-RNG-O-4-13Seed RNG with Server Denyt
CS-AC-M-1-13Sign with Known Asymmetric Key
CS_AC-M-2-13Signature Verify with Known Asymmetric Key
CS-AC-M-3-13Sign and Signature Verify with Known Asymmetric Key
CS-AC-M-4-13MAC with Known Key
CS_AC-M-5-13MAC Verify with Known Key
CS-AC-M-6-13MAC and MAC Verify with Known Key
CS-AC-M-7-13Hash
CS-AC-M-8-13Sign and Signature Verify with Known Asymmetric Key Date Checks

KMIP Version 1.4 - Test Cases Supported

Test CaseDescription
AX-M-1-14Two key encryption
AX-M-2-14Two key encryption
TC-CERTATTR-1-14Certificate attributes
TC-CREG-2-14Client Registration
TC-CS-CORVAL-1-14Server/Client correlation values
TC-CREATE-SD-1-14Create Secret Data Object
TC-DERIVEKEY-1-14Derive Symmetric Key
TC-DERIVEKEY-2-14Derive Symmetric Key
TC-DERIVEKEY-3-14Derive Symmetric Key
TC-DERIVEKEY-4-14Derive Symmetric Key
TC-DERIVEKEY-5-14Derive Symmetric Key
TC-DERIVEKEY-6-14Derive Symmetric Key
TC-I18N-1-14UTF8 character in attribute
TC-I18N-2-14UTF8 character in attribute
TC-I18N-3-14UTF8 character in attribute
TC-ECDSA-SIGN-1-14ECC Key Pair Sign
TC-ECDSA-SIGN-DIGESTEDDATA-1-14ECC Key Pair Sign Digested
TC-RSA-SIGN-DIGESTEDDATA-1-14RSA Key Pair Sign Digested
TC-PKCS12-1-14PKCS#12 Private Key Export
TC-PKCS12-2-14PKCS#12 Private Key Export
TC_STREAM_SIGN_1_14Stream Sign with Asymmetric key
TC-STREAM-SIGNVFY-1-14Stream Sign Verify
TC-REKEY-1-14Rekey multiple times
CS-BC-M-GCM-1-14Encrypt/Decrypt Symmetric Key in GCM
CS-BC-M-GCM-2-14Encrypt/Decrypt Symmetric Key in GCM
CS-BC-M-GCM-3-14Encrypt/Decrypt Symmetric Key in GCM
CS-AC-OAEP-1-14Encrypt OAEP with known Asymmetric key
CS-AC-OAEP-2-14Decrypt OAEP with known Asymmetric key
CS-AC-OAEP-3-14Encrypt OAEP with known Asymmetric key
CS-AC-OAEP-4-14Decrypt OAEP with known Asymmetric key
CS-AC-OAEP-5-14Encrypt OAEP with known Asymmetric key
CS-AC-OAEP-6-14Decrypt OAEP with known Asymmetric key
CS-AC-OAEP-7-14Encrypt OAEP with known Asymmetric key
CS-AC-OAEP-8-14Decrypt OAEP with known Asymmetric key
CS-AC-OAEP-9-14Encrypt OAEP with known Asymmetric key
CS-AC-OAEP-10-14Decrypt OAEP with known Asymmetric key
TC-ECC-1-14
TC-ECC-2-14
TC-ECC-3-14
TC-EXTRACTABLE-1-14
TC-SENSITIVE-1-14
TC-MDO-1-14
TC-MDO-2-14
TC-MDO-3-14
TC-NP-1-14
TC-NP-2-14
TC-OFFSET-1-14
TC-OFFSET-2-14
TC-OTP-1-14
TC-OTP-2-14
TC-OTP-3-14
TC-OTP-4-14
TC-OTP-5-14
TC-PGP-1-14
TC-Q-CAP-1-14
TC-Q-CAP-2-14
TC-Q-CAP-3-14
TC-Q-CREG-1-14
TC-Q-PROF-1-14
TC-Q-PROF-2-14
TC-Q-PROF-3-14
TC-Q-RNGS-1-14
TC-Q-RNGS-2-14
TC-Q-RNGS-3-14
TC-Q-RNGS-4-14
TC-Q-RNGS-5-14
TC-Q-RNGS-6-14
TC-Q-S2C-1-14
TC-Q-S2C-2-14
TC-Q-S2C-PROF-1-14
TC-Q-VAL-1-14
TC-Q-VAL-2-14
TC-RNG-ATTR-1-14
TC-RNG-ATTR-2-14
TC-SJ-1-14
TC-SJ-2-14
TC-SJ-3-14
TC-SJ-4-14
TC-STREAM-ENC-1-14
TC-STREAM-ENC-2-14
TC-STREAM-ENCDEC-1-14
TC-STREAM-HASH-1-14
TC-STREAM-HASH-2-14
TC-STREAM-HASH-3-14
TC-STREAM-MAC-1-14
TC-STREAM-SIGN-1-14
TC-STREAM-SIGNVFY-1-14
TC-WRAP-1-14
TC-WRAP-2-14
TC-WRAP-3-14
CS-AC-M-1-14
CS-AC-M-2-14
CS-AC-M-3-14
CS-AC-M-4-14
CS-AC-M-5-14
CS-AC-M-6-14
CS-AC-M-7-14
CS-AC-M-8-14
CS-BC-M-1-14
CS-BC-M-2-14
CS-BC-M-3-14
CS-BC-M-4-14
CS-BC-M-5-14
CS-BC-M-6-14
CS-BC-M-7-14
CS-BC-M-8-14
CS-BC-M-9-14
CS-BC-M-10-14
CS-BC-M-11-14
CS-BC-M-12-14
CS-BC-M-13-14
CS-BC-M-14-14
CS-RNG-M-1-14
MSGENC-HTTPS-M-1-14
MSGENC-XML-M-1-14
MSGENC-JSON-M-1-14
OMOS-M-1-14
SASED-M-1-14
SASED-M-2-14
SASED-M-3-14
AKLC-M-1-14
AKLC-M-2-14
AKLC-M-3-14
SKLC-M-1-14
SKLC-M-2-14
SKLC-M-3-14
SKFF-M-1-14
SKFF-M-2-14
SKFF-M-3-14
SKFF-M-4-14
SKFF-M-5-14
SKFF-M-6-14
SKFF-M-7-14
SKFF-M-8-14
SKFF-M-9-14
SKFF-M-10-14
SKFF-M-11-14
SKFF-M-12-14
SUITEB-128-M-1-14
SUITEB-192-M-1-14
TL-M-1-14
TL-M-2-14
TL-M-3-14

KMIP Version 2.0 - Test Cases Supported

Test Case
AX-M-1-20
AX-M-2-20
TC-CERTATTR-1-20
TC-CREATE-SD-1-20
TC-CS-CORVAL-1-20
TC-DERIVEKEY-1-20
TC-DERIVEKEY-2-20
TC-DERIVEKEY-3-20
TC-DERIVEKEY-4-20
TC-DERIVEKEY-5-20
TC-DERIVEKEY-6-20
TC-ECC-1-20
TC-ECC-2-20
TC-ECC-3-20
TC-ECDSA-SIGN-1-20
TC-ECDSA-SIGN-DIGESTEDDATA-1-20
TC-EXTRACTABLE-1-20
TC-I18N-1-20
TC-I18N-2-20
TC-I18N-3-20
TC-MDO-1-20
TC-MDO-2-20
TC-MDO-3-20
TC-OFFSET-1-20
TC-OFFSET-2-20
TC-PGP-1-20
TC-PKCS12-1-20
TC-PKCS12-2-20
TC-REKEY-1-20
TC-RNG-ATTR-1-20
TC-RNG-ATTR-2-20
TC-RSA-SIGN-DIGESTEDDATA-1-20
TC-SENSITIVE-1-20
TC-STREAM-ENC-1-20
TC-STREAM-ENC-2-20
TC-STREAM-ENCDEC-1-20
TC-STREAM-HASH-1-20
TC-STREAM-HASH-2-20
TC-STREAM-HASH-3-20
TC-STREAM-MAC-1-20
TC-STREAM-SIGN-1-20
TC-STREAM-SIGNVFY-1-20
CS-AC-M-1-20
CS-AC-M-2-20
CS-AC-M-3-20
CS-AC-M-4-20
CS-AC-M-5-20
CS-AC-M-6-20
CS-AC-M-7-20
CS-AC-M-8-20
CS-AC-OAEP-1-20
CS-AC-OAEP-2-20
CS-AC-OAEP-3-20
CS-AC-OAEP-4-20
CS-AC-OAEP-5-20
CS-AC-OAEP-6-20
CS-AC-OAEP-7-20
CS-AC-OAEP-8-20
CS-AC-OAEP-9-20
CS-AC-OAEP-10-20
CS-BC-M-1-20
CS-BC-M-2-20
CS-BC-M-3-20
CS-BC-M-4-20
CS-BC-M-5-20
CS-BC-M-6-20
CS-BC-M-7-20
CS-BC-M-8-20
CS-BC-M-9-20
CS-BC-M-10-20
CS-BC-M-11-20
CS-BC-M-12-20
CS-BC-M-13-20
CS-BC-M-14-20
CS-BC-M-GCM-1-20
CS-BC-M-GCM-2-20
CS-BC-M-GCM-3-20
CS-RNG-M-1-20
MSGENC-HTTPS-M-1-20
MSGENC-XML-M-1-20
MSGENC-JSON-M-1-20
OMOS-M-1-20
SASED-M-1-20
SASED-M-2-20
SASED-M-3-20
AKLC-M-1-20
AKLC-M-2-20
AKLC-M-3-20
SKLC-M-1-20
SKLC-M-2-20
SKLC-M-3-20
SKFF-M-1-20
SKFF-M-2-20
SKFF-M-3-20
SKFF-M-4-20
SKFF-M-5-20
SKFF-M-6-20
SKFF-M-7-20
SKFF-M-8-20
SKFF-M-9-20
SKFF-M-10-20
SKFF-M-11-20
SKFF-M-12-20
TL-M-1-20
TL-M-2-20
TL-M-3-20

KMIP Version 2.1 - Test Cases Supported

Test Case
TC-ASYNC-1-21
TC-ASYNC-2-21
TC-ASYNC-3-21
TC-ASYNC-4-21
TC-ASYNC-5-21
TC-ASYNC-6-21
TC-ASYNC-7-21
TC-ASYNC-8-21
TC-ASYNC-9-21
TC-ASYNC-10-21
TC-CERTATTR-1-21
TC-CREATE-SD-1-21
TC-CS-CORVAL-1-21
TC-DERIVEKEY-1-21
TC-DERIVEKEY-2-21
TC-DERIVEKEY-3-21
TC-DERIVEKEY-4-21
TC-DERIVEKEY-5-21
TC-DERIVEKEY-6-21
TC-DIGESTS-1-21
TC-DLOGIN-1-21
TC-DLOGIN-2-21
TC-DLOGIN-3-21
TC-DLOGIN-4-21
TC-DLOGIN-5-21
TC-DLOGIN-6-21
TC-DLOGIN-7-21
TC-DLOGIN-8-21
TC-DLOGIN-9-21
TC-DLOGIN-10-21
TC-DLOGIN-11-21
TC-DLOGIN-12-21
TC-DLOGIN-13-21
TC-LOGIN-1-21
TC-LOGIN-2-21
TC-LOGIN-3-21
TC-ECC-1-21
TC-ECC-2-21
TC-ECC-3-21
TC-ECDSA-SIGN-1-21
TC-ECDSA-SIGN-DIGESTEDDATA-1-21
TC-EXTRACTABLE-1-21
TC-I18N-1-21
TC-I18N-2-21
TC-I18N-3-21
TC-IMPEXP-1-21
TC-IMPEXP-2-21
TC-IMPEXP-3-21
TC-IMPEXP-4-21
TC-IMPEXP-5-21
TC-MD-1-21
TC-MD-2-21
TC-MD-3-21
TC-MD-4-21
TC-MD-5-21
TC-MD-6-21
TC-MD-21-21
TC-MD-22-21
TC-MD-23-21
TC-MD-24-21
TC-MDO-1-21
TC-MDO-2-21
TC-MDO-3-21
TC-OFFSET-1-21
TC-OFFSET-2-21
TC-PGP-1-21
TC-PING-1-21
TC-PKCS12-1-21
TC-PKCS12-2-21
TC-REENCRYPT-1-21
TC-REENCRYPT-2-21
TC-REKEY-1-21
TC-REKEY-2-21
TC-REKEY-3-21
TC-REKEY-4-21
TC-REKEY-5-21
TC-REKEY-6-21
TC-REKEY-7-21
TC-REKEY-8-21
TC-REKEY-9-21
TC-REKEY-10-21
TC-REKEY-11-21
TC-RNG-ATTR-1-21
TC-RNG-ATTR-2-21
TC-RSA-SIGN-DIGESTEDDATA-1-21
TC-SENSITIVE-1-21
TC-SETATTR-1-21
TC-SETATTR-2-21
TC-SETATTR-3-21
TC-SJ-1-21
TC-SJ-2-21
TC-SJ-3-21
TC-SJ-4-21
TC-STREAM-ENC-1-21
TC-STREAM-ENC-2-21
TC-STREAM-ENCDEC-1-21
TC-STREAM-HASH-1-21
TC-STREAM-HASH-2-21
TC-STREAM-HASH-3-21
TC-STREAM-MAC-1-21
TC-STREAM-SIGN-1-21
TC-STREAM-SIGNVFY-1-21
TC-WRAP-1-21
TC-WRAP-2-21
TC-WRAP-3-21
BL-M-1-21
BL-M-2-21
BL-M-3-21
BL-M-4-21
BL-M-5-21
BL-M-6-21
BL-M-7-21
BL-M-8-21
BL-M-9-21
BL-M-10-21
BL-M-11-21
BL-M-12-21
BL-M-13-21
CS-AC-M-1-21
CS-AC-M-2-21
CS-AC-M-3-21
CS-AC-M-4-21
CS-AC-M-5-21
CS-AC-M-6-21
CS-AC-M-7-21
CS-AC-M-8-21
CS-AC-OAEP-1-21
CS-AC-OAEP-2-21
CS-AC-OAEP-3-21
CS-AC-OAEP-4-21
CS-AC-OAEP-5-21
CS-AC-OAEP-6-21
CS-AC-OAEP-7-21
CS-AC-OAEP-8-21
CS-AC-OAEP-9-21
CS-AC-OAEP-10-21
CS-BC-M-1-21
CS-BC-M-2-21
CS-BC-M-3-21
CS-BC-M-4-21
CS-BC-M-5-21
CS-BC-M-6-21
CS-BC-M-7-21
CS-BC-M-8-21
CS-BC-M-9-21
CS-BC-M-10-21
CS-BC-M-11-21
CS-BC-M-12-21
CS-BC-M-13-21
CS-BC-M-14-21
CS-BC-M-CHACHA20-1-21
CS-BC-M-CHACHA20-2-21
CS-BC-M-CHACHA20-3-21
CS-BC-M-CHACHA20POLY1305-1-21
CS-BC-M-GCM-1-21
CS-BC-M-GCM-2-21
CS-BC-M-GCM-3-21
CS-RNG-M-1-21
CS-RNG-O-1-21
CS-RNG-O-2-21
CS-RNG-O-3-21
CS-RNG-O-4-21
MSGENC-HTTPS-M-1-21
MSGENC-XML-M-1-21
MSGENC-JSON-M-1-21
OMOS-M-1-21
OMOS-O-1-21
PKCS11-M-1-21
QS-M-1-21
QS-M-2-21
SASED-M-1-21
SASED-M-2-21
SASED-M-3-21
AKLC-M-1-21
AKLC-M-2-21
AKLC-M-3-21
AKLC-0-1-21
SKLC-M-1-21
SKLC-M-2-21
SKLC-M-3-21
SKLC-O-1-21
SKFF-M-1-21
SKFF-M-2-21
SKFF-M-3-21
SKFF-M-4-21
SKFF-M-5-21
SKFF-M-6-21
SKFF-M-7-21
SKFF-M-8-21
SKFF-M-9-21
SKFF-M-10-21
SKFF-M-11-21
SKFF-M-12-21
TL-M-1-21
TL-M-2-21
TL-M-3-21
Secure KMIP Client SDK Export Compliance
We have some good news regarding compliance with U.S. export controls!
P6R has obtained a Commodity Classification (Form BIS-6002L ~ CCATS No. G154787) from the Commerce Department's Bureau of Industry and Security confirming that the SKC Secure KMIP Client SDK is classified under Export Control Classification Number 5D002.c.1 on the Commerce Control List of the Export Administration Regulations (EAR).
As a result, SKC Secure KMIP Client SDK software now is eligible for export under the provisions of License Exception ENC/Unrestricted, pursuant to Section 740.17(b)(3) of the EAR. As such, SKC Secure KMIP Client SDK software may be exported and reexported to all countries except Cuba, Iran, North Korea, Syria and Sudan, subject to the standard restrictions on end-user and end-use described in the EAR. For more information regarding the use of License Exception ENC and other requirements of the EAR, please visit the Bureau of Industry and Security's website www.bis.doc.gov or contact their offices directly: Bureau of Industry and Security, Washington, D.C. (202) 482-4811
If you need further assistance or have more questions about SKC Secure KMIP Client SDK's export compliance, please Contact Us.

Licensing and Upgrades


Our "Develop Anywhere / Deploy Anywhere"™ License Highlights

  • Per-product license, no per developer costs.
  • Royalty free runtime. The DLLs can be redistributed royalty free with your product on any supported platforms.
  • One license covers all platforms. No need to purchase a license for each platform.
  • Site licenses are also available.
  • Contact Sales for licensing options.
Our products and this license are designed to enable you to develop, test and deploy your solutions on any platform or platforms (that we support) without per-seat or per-platform restrictions.