Home  » Software  » SKC
SKC™ Secure KMIP Client
SKC™ enables the easy addition of KMIP based interoperable key management to your application.
  • Royalty Free License
  • Available for Windows™ | Linux™ | Linux™ ARM (with source license)
Please contact our sales team if you have any questions.

What's New

  • Many bug fixes and optimizations.
  • Java JNI and Python language bindings
  • GCC v5+ compiler support.
  • ARM processor Support (with source license).
The SKC™ SDK provides a full implementation of the OASIS KMIP 1.0, 1.1, 1.2, 1.3 and 1.4 standards. Online documentation and examples are available.
  • Layered, Interface Based C/C++ API
  • Java JNI and Python language bindings
  • PKCS11 v2.40 compliant C based API
  • Full Client Implementation (TTLV, XML and JSON).
  • Single API for All protocol flavors (TTLV, XML, and JSON)
  • Extensive Protocol Logging (TTLV, XML and JSON)
  • Limited UEFI Platform Suport (TTLV encoder/decoder).
  • Suite B support.
  • Many New Examples (we are always adding more)
  • High level crypto API
  • Cross Platform/Single Codebase - Windows and Linux x86/ARM
  • Standards Compliant (see the Standards and Conformance tabs)
  • Support for KMIP put and notify.

Interoperability

P6R is committed to ensuring interoperability of its KMIP client SDK with all KMIP servers and we are continually working with server vendors to ensure interoperability.
  • April 2017 - P6R Integration testing with the Hancom Secure KeyManager
  • March 2017 - P6R Integration testing with the Kryptus kNET HSM
  • January 2016 - P6R Inc. participated in the OASIS KMIP Interop and tested with all participating KMIP servers:
    • Cryptsoft KMIP C Server SDK
    • Cryptsoft KMIP Java Server SDK
    • Fornetix Key Orchestration Server
    • HPE ESKM Server
    • IBM SKLM Server
    • QuintessenceLabs qCrypt Server
    • SafeNet KeySecure Server
    • Townsend Security Alliance Key Manager
    • Utimaco KeyServer
  • March 2015 - P6R Inc. participated in the OASIS KMIP Interop and tested with all participating KMIP servers:
    • Cryptsoft C KMIP Server
    • Cryptsoft Java KMIP Server
    • Dell KMIP Server
    • HP KMIP Server
    • IBM KMIP Server
    • Fornetix KMIP Server
    • Thales KMIP Server
    • Vormetric KMIP Server
  • Nov 2014 - P6R Integration with HP Enterprise Secure Key Manager
  • Jan 2014 - P6R Inc. participated in the OASIS KMIP Interop and tested with all participating KMIP servers:
    • Cryptsoft C KMIP Server
    • Cryptsoft Java KMIP Server
    • Dell KMIP Server
    • HP KMIP Server
    • IBM KMIP Server
    • SafeNet KMIP Server
    • Thales KMIP Server
    • Vormetric KMIP Server
  • Oct 2013 - QuintessenceLabs Announces Interoperability Partnership With P6R - Project 6 Research

UEFI Support

The SKC™ SDK provides limited support for UEFI platforms using the Tianocore UDK2014.SP1.P1 Release. The library provides access our low-level KMIP TTLV encoder/decoder interfaces. When used in combination with the native networking library and OpenSSL provided in the Tianocore UDK 2014 distribution, developers can more easily perform basic KMIP operations from within their UEFI drivers.

Layered API

The SKC™ SDK provides several different layers of abstraction, each building on the previous, enabling developers to use whichever layer or layers best suit their needs.

Layer 0 - Protocol Parser/Generator

This layer of the API provides full binary KMIP protocol message parsing and message generation. It is used to parse existing (already received) KMIP protocol messages or generate KMIP protocol message to be sent.

Layer 1 - Functional API

Layer 1 implements a slight higher level API that is more functional in nature, providing the base functionality for the various KMIP protocol interactions (connect to the server, create key, delete key, etc).

Layer 2 - DOM Tree

Layer 2 provides our DOM-tree API. Our DOM-tree has been enhanced to efficiently support binary data types. Utilizing a plugin it populates the DOM-tree with KMIP messages using the layer 1 APIs. Since a KMIP message is essentially a tree of nested structures this translation is straight forward. Once in the DOM tree, the data can be output in any supported format (XML, JSON, JsonML and a KMIP binary messages).

Layer 3 - XSLT/XPATH

This layer uses P6R's XSLT 2.0 and XPath 2.0 components. These components are now able to interact with the KMIP binary data in the DOM-tree, allowing it to be search, transformed, modified, etc using standard XSLT and XPath. For example, XSLT could be used to take just out part of a KMIP message, create a new message, or transform the entire message into yet another format (eg. SOAP or XML-RPC).

Full Client Implementation

The SKC™ SDK implements:
  • TTLV (Tag, Type, Length, Value) over SSL/TLS
  • TTLV over HTTPS
  • XML over HTTPS
  • JSON over HTTPS

KMIP 1.0 Operations Supported (both synchronous and asynchronous)

Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes, Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, and Server to Client operations: Notify, Put.

KMIP 1.1 Operations Supported (both synchronous and asynchronous):

Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, Re-key Key Pair, Discover Versions (synch only), and Server to Client operations: Notify, Put.

KMIP 1.2 Operations Supported (both synchronous and asynchronous):

Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate, Check, Get, Get Attributes Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, Re-key Key Pair, Discover Versions (synch only), Encrypt, Decrypt, Sign, Signature Verify, MAC, MAC Verify, RNG Retrieve, RNG Seed, Hash, Create Split Key, Join Split Key, and Server to Client operations: Notify, Put.

KMIP 1.3 Operations Supported (both synchronous and asynchronous):

Create, Create Key Pair, Register, Re-key, Derive Key, Certify, Re-certify, Locate (extended), Check, Get, Get Attributes Get Attribute List, Add Attribute, Modify Attribute, Delete Attribute, Obtain Lease, Get Usage Allocation, Activate, Revoke, Destroy, Archive, Recover, Validate, Query (synch only), Cancel, Poll, Re-key Key Pair, Discover Versions (synch only), Encrypt (streaming/non-streaming), Decrypt (streaming/non-streaming), Sign (streaming/non-streaming), Signature Verify (streaming/non-streaming), MAC (streaming/non-streaming), MAC Verify (streaming/non-streaming), RNG Retrieve, RNG Seed, Hash (streaming/non-streaming), Create Split Key, Join Split Key, and Server to Client operations: Notify, Put, Discover Versions (new), Query (new)

Managed Objects Supported

  • Certificate
  • Symmetric Key
  • Public Key
  • Private Key
  • Split Key
  • Template
  • Secret Data
  • Opaque Object
  • PGP Key

Cryptographic Algorithms

  • DES
  • 3DES
  • DES-X
  • AES (including counter mode)
  • RSA
  • DSA
  • Blowfish
  • CAST5
  • RC2
  • IDEA
  • EC
  • ECDSA
  • ECMQV
  • ECDH
  • DH
  • HMAC-SHA1
  • HMAC-SHA224
  • HMAC-SHA256
  • HMAC-SHA384
  • HMAC-SHA512
  • HMAC-MD2
  • HMAC-MD4
  • HMAC-MD5

Supported Key Formats

  • Raw
  • Opaque
  • PKCS#1
  • PKCS#8
  • X.509
  • Transparent ECDSA Private Key
  • Transparent ECDSA Public Key
  • Transparent ECDH Private Key
  • Transparent ECDH Public Key
  • Transparent ECMQV Private Key
  • Transparent ECMQV Public Key
  • Transparent Symmetric Key
  • Transparent DSA Public Key
  • Transparent DSA Private Key
  • Transparent RSA Public Key
  • Transparent RSA Private Key

Supported Platforms

SKC™ is currently supported on the following platforms:

  • Windows 7/8+ (32bit/64bit), Windows Server 2008R2+ (32bit/64bit)
  • Linux x86 Kernel 2.6+ (32bit/64bit)
  • Linux ARM Kernel 2.6+ (32bit/64bit) (with source license)
  • UEFI 64bit Tianocore Native PE Format (KMIP TTLV encoder/decoder only)
Included in the SKC Secure KMIP Client SDK, is our PKCS11 library that meets the requirements for conformance of a PKCS 11 Extended Provider and Authentication Token (see PKCS11 Cryptographic Token Interface Profiles Version 2.40, 14-Apr-2015, OASIS Committee Specification 01). The library currently provides two tokens (The "KMIP" and "Keystore" tokens) and may be extended by customers to provide their own token types via a plugin interface.

The KMIP Token

This token uses the facilities of a remote KMIP server to implement the features of the PKCS 11 Version 2.40 API allowing developers familiar with PKCS11 to store their keys on a KMIP server without having to learn about the KMIP protocol or KMIP SDKs. Our PKCS11 library allows the definition of any number of KMIP tokens all pointing to the same or different KMIP servers.

The Keystore Software Token

This token uses P6Rs cryptographic API and local secure Keystore to implement the features of the PKCS 11 Version 2.40 API. Our PKCS11 library allows the definition of any number of Keystore software tokens where each token gets its own separate secure Keystore to manage PKCS 11 objects.

HSM Tokens

We have added tokens for these popular HSM's:
  • DocuSign ARX PrivateServer HSM
  • FutureX HSM
  • HPE Atalla HSM (Network Security Processor)
  • Thales nShield Connect HSM
  • Utimaco CryptoServer HSM
Using our PKCS11 library which included as part of the SKC Secure KMIP Client SDK, your applications can now leverage these tokens to communicate with any of these HSM's.

PKCS11 Functions Implemented By The KMIP Token

  • C_Initialize
  • C_Finalize
  • C_GetInfo
  • C_GetFunctionList
  • C_GetSlotList
  • C_GetSlotInfo
  • C_GetTokenInfo
  • C_GetMechanismList
  • C_GetMechanismInfo
  • C_InitToken
  • C_InitPIN
  • C_SetPIN
  • C_OpenSession
  • C_CloseSession
  • C_CloseAllSessions
  • C_GetSessionInfo
  • C_Login
  • C_Logout
  • C_CreateObject
  • C_DestroyObject
  • C_GetAttributeValue
  • C_SetAttributeValue
  • C_FindObjectsInit
  • C_FindObjects
  • C_FindObjectsFinal
  • C_GenerateKey (not including domain parameters)
  • C_GenerateKeyPair
  • C_SeedRandom
  • C_GenerateRandom
  • C_SignInit
  • C_Sign
  • C_VerifyInit
  • C_Verify
  • C_EncryptInit
  • C_Encrypt
  • C_EncryptUpdate
  • C_EncryptFinal
  • C_DecryptInit
  • C_Decrypt
  • C_DecryptUpdate
  • C_DecryptFinal
  • C_DigestInit
  • C_Digest
  • C_DigestUpdate
  • C_DigestKey
  • C_DigestFinal
  • C_WrapKey
  • C_UnwrapKey (if the KMIP server supports unwrapping)

PKCS11 Functions Implemented By The Keystore Token

  • C_Initialize
  • C_Finalize
  • C_GetInfo
  • C_GetFunctionList
  • C_GetSlotList
  • C_GetSlotInfo
  • C_GetTokenInfo
  • C_GetMechanismList
  • C_GetMechanismInfo
  • C_InitToken
  • C_InitPIN
  • C_SetPIN
  • C_OpenSession
  • C_FindObjectsFinal
  • C_CloseSession
  • C_CloseAllSessions
  • C_GetSessionInfo
  • C_Login
  • C_Logout
  • C_CreateObject
  • C_DestroyObject
  • C_GetAttributeValue
  • C_SetAttributeValue
  • C_FindObjectsInit
  • C_FindObjects
  • C_FindObjectsFinal
  • C_GenerateKey (not including domain parameters)
  • C_GenerateKeyPair
  • C_GenerateRandom
  • C_SignInit
  • C_Sign
  • C_VerifyInit
  • C_Verify
  • C_EncryptInit
  • C_Encrypt
  • C_EncryptUpdate
  • C_EncryptFinal
  • C_DecryptInit
  • C_Decrypt
  • C_DecryptUpdate
  • C_DecryptFinal
  • C_DigestInit
  • C_Digest
  • C_DigestUpdate
  • C_DigestFinal
The SKC KMIP Client SDK follows the standards defined in these documents.
The OASIS Key management Interoperability Protocol (KMIP) defines a single, comprehensive protocol for communication between encryption systems and a broad range of new and legacy enterprise applications, including email, databases, and storage devices. Go to OASIS Key Management Interoperability Protocol (KMIP) Technical Committee to learn more about the KMIP standard.
OASIS PKCS #11 is a standard for cryptographic tokens controlling authentication information (personal identity, cryptographic keys, certificates, digital signatures, biometric data). Go to OASIS PKCS #11 Technical Committee to learn more about the PKCS #11 standard.

Standards Reference Documents

OASIS, "Key Management Interoperabilty Protocol Specification 1.0", OASIS Standard, 15 June 2010.
OASIS, "Key Management Interoperabilty Protocol Specification 1.1", OASIS Standard, 24 January 2013.
OASIS, "Key Management Interoperabilty Protocol Specification 1.2", Candidate OASIS Standard 01, 13 January 2015.
OASIS, "Key Management Interoperability Protocol Test Cases Version 1.1", Working Draft 10, 27 April 2012.
OASIS, "Key Management Interoperability Protocol Test Cases Version 1.2", Committee Note 01, 11 November 2014.
OASIS, "KMIP Opaque Managed Object Store Profile Version 1.0", Candidate OASIS Standard 01, 03 Feburary 2015.
OASIS, "KMIP Additional Message Encodings Version 1.0", Candidate OASIS Standard 01, 13 January 2015.
OASIS, "KMIP Asymmetric Key Lifecycle Profile Version 1.0", Candidate OASIS Standard 01, 13 January 2015.
OASIS, "KMIP Cryptographic Services Profile Version 1.0", Candidate OASIS Standard 01, 03 Feburary 2015.
OASIS, "KMIP Symmetric Key Foundry for FIPS 140-2 Profile Version 1.0", Candidate OASIS Standard 01, 13 January 2015.
OASIS, "KMIP Symmetric Key Lifecycle Profile Version 1.0", Candidate OASIS Standard 01, 13 January 2015.
OASIS, "KMIP Opaque Managed Object Store Profile Version 1.0", Candidate OASIS Standard 01, 03 Feburary 2015.
OASIS, "KMIP Tape Library Profile Version 1.0", Candidate OASIS Standard 01, 13 January 2015.
OASIS, "KMIP Storage Array with Self-Encrypting Drives Profile Version 1.0", Candidate OASIS Standard 01, 13 January 2015.
OASIS, "KMIP Suite B Profile Version 1.0, Candidate OASIS Standard 01, 03 Feburary 2015.
OASIS, "Key Management Interoperability Protocol Test Cases Version 1.3", Working Draft 2, 26 January 2015.
OASIS, PKCS #11 Cryptofraphic Token Interface Base Specification Version 2.40, Candidate OASIS Standard 01, 23 December 2014.
OASIS, PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40, Candidate OASIS Standard 01, 23 December 2014.
OASIS, PKCS #11 Cryptographic Token Interfaces Historical Mechamisms Specification Version 2.40, Candidate OASIS Standard 01, 23 December 2014.
The SKC™ Secure KMIP Client SDK conforms to the following standard defined test cases using Tag Type Length Value (TTLV), XML, and JSON message encodings for all tests.

Supported KMIP Profiles

Profile
Baseline Client Basic KMIP V1.2
Baseline Client TLS V1.2 KMIP V1.2
Tape Library Client KMIP V1.0
Tape Library Client KMIP V1.1
Tape Library Client KMIP V1.2
Symmetric Key Lifecycle Client KMIP V1.0
Symmetric Key Lifecycle Client KMIP V1.1
Symmetric Key Lifecycle Client KMIP V1.2
Asymmetric Key Lifecycle Client KMIP V1.0
Asymmetric Key Lifecycle Client KMIP V1.1
Asymmetric Key Lifecycle Client KMIP V1.2
Basic Cryptographic Client KMIP V1.2
Advanced Cryptographic Client KMIP V1.2
RNG Cryptographic Client KMIP V1.2
Basic Symmetric Key Foundry Client KMIP V1.0
Intermediate Symmetric Key Foundry Client KMIP V1.0
Advanced Symmetric Key Foundry Client KMIP V1.0
Basic Symmetric Key Foundry Client KMIP V1.1
Intermediate Symmetric Key Foundry Client KMIP V1.1
Advanced Symmetric Key Foundry Client KMIP V1.1
Basic Symmetric Key Foundry Client KMIP V1.2
Intermediate Symmetric Key Foundry Client KMIP V1.2
Advanced Symmetric Key Foundry Client KMIP V1.2
Opaque Managed Object Store Client KMIP V1.0
Opaque Managed Object Store Client KMIP V1.1
Opaque Managed Object Store Client KMIP V1.2
Suite B MinLOS 128 Client KMIP V1.0
Suite B MinLOS 128 Client KMIP V1.1
Suite B MinLOS 128 Client KMIP V1.2
Suite B MinLOS 192 Client KMIP V1.0
Suite B MinLOS 192 Client KMIP V1.1
Suite B MinLOS 192 Client KMIP V1.2
Storage Array With Self Encrypting Drive Client KMIP V1.0
Storage Array With Self Encrypting Drive Client KMIP V1.1
Storage Array With Self Encrypting Drive Client KMIP V1.2
HTTPS Client KMIP V1.0
HTTPS Client KMIP V1.1
HTTPS Client KMIP V1.2
JSON Client KMIP V1.0
JSON Client KMIP V1.1
JSON Client KMIP V1.2
XML Client KMIP V1.0
XML Client KMIP V1.1
XML Client KMIP V1.2
Baseline Client Basic KMIP V1.3
Baseline Client TLS V1.2 KMIP V1.3
Tape Library Client KMIP V1.3
Symmetric Key Lifecycle Client KMIP V1.3
Asymmetric Key Lifecycle Client KMIP V1.3
Basic Cryptographic Client KMIP V1.3
Advanced Cryptographic Client KMIP V1.3
RNG Cryptographic Client KMIP V1.3
Basic Symmetric Key Foundry Client KMIP V1.3
Intermediate Symmetric Key Foundry Client KMIP V1.3
Advanced Symmetric Key Foundry Client KMIP V1.3
Opaque Managed Object Store Client KMIP V1.3
Suite B minLOS 128 Client KMIP V1.3
Suite B minLOS 192 Client KMIP V1.3
Storage Array With Self Encrypting Drive Client KMIP V1.3
HTTPS Client KMIP V1.3
JSON Client KMIPV 1.3
XML Client KMIP V1.3
Baseline Client Basic KMIP V1.4
Baseline Client TLS V1.2 KMIP V1.4
Tape Library Client KMIP V1.4
Symmetric Key Lifecycle Client KMIP V1.4
Asymmetric Key Lifecycle Client KMIP V1.4
Basic Cryptographic Client KMIP V1.4
Advanced Cryptographic Client KMIP V1.4
RNG Cryptographic Client KMIP V1.4
Basic Symmetric Key Foundry Client KMIP V1.4
Intermediate Symmetric Key Foundry Client KMIP V1.4
Advanced Symmetric Key Foundry Client KMIP V1.4
Opaque Managed Object Store Client KMIP V1.4
Suite B minLOS 128 Client KMIP V1.4
Suite B minLOS 192 Client KMIP V1.4
Storage Array With Self Encrypting Drive Client KMIP V1.4
HTTPS Client KMIP V1.4
JSON Client KMIP V1.4
XML Client KMIP V1.4

KMIP Version 1.0 Test Cases Supported

Test CaseDescription
TC-311-10Create / Destroy
TC-312-10Register / Create / Get attributes / Destroy
TC-313-10Create / Locate / Get / Destroy
TC-314-10Dual Client Test Case, ID Placeholder-linked Locate & Get Batch
TC-315-10Register / Destroy Secret Data
TC-32-10Asynchronous Locate
TC-41-10Revoke Scenario
TC-51-10Get Usage Allocation Scenario
TC-61-10Import of a Third-party Key
TC-71-10Unrecognized Message Extension with Criticality Indicator False
TC-72-10Unrecognized Message Extension with Criticality Indicator True
TC-81-10Create a Key Pair
TC-82-10Register Both Halves of a Key Pair
TC-91-10Create a Key, Re-key
TC-92-10Existing Key Expired, Re-key with Same Life-cycle
TC-93-10Existing Key Compromised, Re-key with Same Life-cycle
TC-94-10Create Key, Re-key with New Life-cycle
TC-95-10Obtain Lease for Expired Key
TC-101-10Create a Key, Archive and Recover it
TC-111-10Credential, Operation Policy, Destroy Date
TC-121-10Query, Maximum Response Size
TC-131-10Register an Asymmetric Key Pair in PKCS1 Format
TC-132-10Register an Asymmetric Key Pair and a Corresponding X509 Certificate
TC-134-10Register Key Pair, Certify and Re-certify Public Key
TC-NP-1-10Put
TC-NP-2-10Notify & Put
TC-ECC-1-10Register an ECC Key Pai
TC-ECC-2-10Register an ECC Key Pair in PKCS8 Format
TC-ECC-3-10Register an ECC Key Pair and ECDSA Certificate
TC-DERIVEKEY-1-10Derive Symmetric Key HASH
TC-DERIVEKEY-2-10Derive Symmetric Key HMAC
TC-DERIVEKEY-3-10Derive Symmetric Key with secret data
TC-DERIVEKEY-4-10Derive Symmetric Key with secret data
TC-DERIVEKEY-5-10Derive Symmetric Key with secret data
TC-REKEY-1-10Rekey multiple times
TC-AESXTS-1-10Two key encryption
TC-I18N-1-10Unicode characters in attributes values
TC-I18N-2-10Unicode characters in attributes values
TC-I18N-3-10Unicode characters in attributes values and custom attribute names
TC-AESXTS-1-10Two key encryption
TC-I18N-1-10UTF8 character in attribute
TC-I18N-2-10UTF8 character in attribute
TC-I18N-3-10UTF8 character in attribute
TC-REKEY-1-10Rekey multiple times
TC-DERIVEKEY-1-10Derive Symmetric Key
TC-DERIVEKEY-2-10Derive Symmetric Key
TC-DERIVEKEY-3-10Derive Symmetric Key
TC-DERIVEKEY-4-10Derive Symmetric Key
TC-DERIVEKEY-5-10Derive Symmetric Key

KMIP Version 1.0 Symmetric Key Lifecycle Profile

Test CaseDescription
SKLC-M-1-10Create, GetAttributes, Destroy
SKLC-M-2-10Create, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
SKLC-M-3-10Create, GetAttributes, Activate, GetAttributes, ModifyAttribute, Revoke, GetAttributes, Destroy
SKLC-O-1-10Create, GetAttributes, Destroy, GetAttributes

KMIP Version 1.0 Symmetric Key Foundry for FIPS 140-2 Profile

Test CaseDescription
SKFF-M-1-10 Create, Destroy AES-128
SKFF-M-2-10 Create, Destroy AES-192
SKFF-M-3-10 Create, Destroy AES-256
SKFF-M-4-10 Create, Destroy DES3-168
SKFF-M-5-10 Create, Locate, Get, Destroy, Locate AES-128
SKFF-M-6-10 Create, Locate, Get, Destroy, Locate AES-192
SKFF-M-7-10 Create, Locate, Get, Destroy, Locate AES-256
SKFF-M-8-10 Create, Locate, Get, Destroy, Locate DES3-168
SKFF-M-9-10 Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-128
SKFF-M-10-10 Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-192
SKFF-M-11-10 Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-256
SKFF-M-12-10 Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-168
SKFF-O-1-10 Create, Destroy SKIPJACK-80
SKFF-O-2-10 Create, Locate, Get, Destroy, Locate SKIPJACK-80
SKFF-O-3-10 Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy SKIPJACK-80
SKFF-O-4-10 Create, Destroy DES3-112
SKFF-O-5-10 Create, Locate, Get, Destroy, Locate DES3-112
SKFF-O-6-10 Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-112

KMIP Version 1.0 Asymmetric Key Lifecycle Profile Supported

Test CaseDescription
AKLC-M-1-10CreateKeyPair, GetAttributes, GetAttributes, Destroy
AKLC-M-2-10CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-M-3-10CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-O-1-10CreateKeyPair, GetAttributes, Destroy, GetAttributes

KMIP Version 1.0 Opaque Managed Object Store Profile

Test CaseDescription
OMOS-M-1-10Register small opaque objecty
OMOS-O-1-10Register large (>10k) opaque objecty

KMIP Version 1.0 KMIP Tape Library Profile Version 1.0

Test CaseDescription
TL-M-1-10Configuration
TL-M-2-10Write with new (created) key
TL-M-3-10Read an encrypted tape

KMIP Version 1.0 Key Management Interoperability Protocol Storage Array with Self-Encrypting Drives Profile Version 1.0

Test CaseDescription
SASED-M-1-10Configuration
SASED-M-2-10Register the authentication key
SASED-M-3-10Retrieve Authentication Key

SEPATON Profile Version 1.0

Test CaseDescription
SEPATON-1-10Query
SEPATON-2-10Locate, Create
SEPATON-3-10Locate, Get, GetAttributes, Activate, GetAttributes

KMIP Version 1.1 Test Cases Supported

Test CaseDescription
TC-311-11Create / Destroy
TC-312-11Register / Create / Get attributes / Destroy
TC-313-11Create / Locate / Get / Destroy
TC-314-11Dual Client Test Case, ID Placeholder-linked Locate & Get Batch
TC-315-11Register / Destroy Secret Data
TC-32-11Asynchronous Locate
TC-41-11Revoke Scenario
TC-51-11Get Usage Allocation Scenario
TC-61-11Import of a Third-party Key
TC-71-11Unrecognized Message Extension with Criticality Indicator False
TC-72-11Unrecognized Message Extension with Criticality Indicator True
TC-81-11Create a Key Pair
TC-82-11Register Both Halves of a Key Pair
TC-91-11Create a Key, Re-key
TC-92-11Existing Key Expired, Re-key with Same Life-cycle
TC-93-11Existing Key Compromised, Re-key with Same Life-cycle
TC-94-11Create Key, Re-key with New Life-cycle
TC-95-11Obtain Lease for Expired Key
TC-101-11Create a Key, Archive and Recover it
TC-111-11Credential, Operation Policy, Destroy Date
TC-112-11Device Credential, Operation Policy, Destroy Date
TC-121-11Query, Maximum Response Size
TC-122-11Query Vendor Extensions
TC-131-11Register an Asymmetric Key Pair in PKCS1 Format
TC-132-11Register an Asymmetric Key Pair and a Corresponding X509 Certificate
TC-133-11Create, Re-key Key Pair
TC-134-11Register Key Pair, Certify and Re-certify Public Key
TC-141-11Key Wrapping using AES Key Wrap and No Encoding
TC-142-11Key Wrapping using AES Key Wrap with Attributes
TC-151-11Locate a Fresh Object from the Default Group
TC-152-11Client-side Group Management
TC-153-11Default Object Group Member
TC-161-11Discover Versions
TC-171-11Handling of Attributes and Attribute Index Values
TC-181-11Digests of Symmetric Keys
TC-182-11Digests of RSA Private Keys
TC-NP-1-11Put
TC-NP-2-11Notify & Put
TC-ECC-1-11Register an ECC Key Pair
TC-ECC-2-11Register an ECC Key Pair in PKCS8 Format
TC-ECC-3-11Register an ECC Key Pair and ECDSA Certificate
TC-DERIVEKEY-1-11Derive Symmetric Key HASH
TC-DERIVEKEY-2-11Derive Symmetric Key HMAC
TC-DERIVEKEY-3-11Derive Symmetric Key with secret data
TC-DERIVEKEY-4-11Derive Symmetric Key with secret data
TC-DERIVEKEY-5-11Derive Symmetric Key with secret data
TC-REKEY-1-11Rekey multiple times
TC-AESXTS-1-11Two key encryption
TC-I18N-1-11Unicode characters in attributes values
TC-I18N-2-11Unicode characters in attributes values
TC-I18N-3-11Unicode characters in attributes values and custom attribute names
TC-AESXTS-1-11Two key encryption
TC-I18N-1-11UTF8 character in attribute
TC-I18N-2-11UTF8 character in attribute
TC-I18N-3-11UTF8 character in attribute
TC-REKEY-1-11Rekey multiple times
TC-DERIVEKEY-1-11Derive Symmetric Key
TC-DERIVEKEY-2-11Derive Symmetric Key
TC-DERIVEKEY-3-11Derive Symmetric Key
TC-DERIVEKEY-4-11Derive Symmetric Key
TC-DERIVEKEY-5-11Derive Symmetric Key

KMIP Version 1.1 - Symmetric Key Lifecycle Profile

Test CaseDescription
SKLC-M-1-11Create, GetAttributes, Destroy
SKLC-M-2-11Create, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
SKLC-M-3-11Create, GetAttributes, Activate, GetAttributes, ModifyAttribute, Revoke, GetAttributes, Destroy
SKLC-O-1-11Create, GetAttributes, Destroy, GetAttributes

KMIP Version 1.1 - Symmetric Key Foundry for FIPS 140-2 Profile

Test CaseDescription
SKFF-M-1-11Create, Destroy AES-128
SKFF-M-2-11Create, Destroy AES-192
SKFF-M-3-11Create, Destroy AES-256
SKFF-M-4-11Create, Destroy DES3-168
SKFF-M-5-11Create, Locate, Get, Destroy, Locate AES-128
SKFF-M-6-11Create, Locate, Get, Destroy, Locate AES-192
SKFF-M-7-11Create, Locate, Get, Destroy, Locate AES-256
SKFF-M-8-11Create, Locate, Get, Destroy, Locate DES3-168
SKFF-M-9-11Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-128
SKFF-M-10-11Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-192
SKFF-M-11-11Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-256
SKFF-M-12-11Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-168
SKFF-O-1-11Create, Destroy SKIPJACK-80
SKFF-O-2-11Create, Locate, Get, Destroy, Locate SKIPJACK-80
SKFF-O-3-11Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy SKIPJACK-80
SKFF-O-4-11Create, Destroy DES3-112
SKFF-O-5-11Create, Locate, Get, Destroy, Locate DES3-112
SKFF-O-6-11Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-112

KMIP Version 1.1 - Asymmetric Key Lifecycle Profile Supported

Test CaseDescription
AKLC-M-1-11CreateKeyPair, GetAttributes, GetAttributes, Destroy
AKLC-M-2-11CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-M-3-11CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-O-1-11CreateKeyPair, GetAttributes, Destroy, GetAttributes

KMIP Version 1.1 - KMIP Opaque Managed Object Store Profile

Test CaseDescription
OMOS-M-1-11Register small opaque object
OMOS-O-1-11Register large (>10k) opaque object

KMIP Version 1.1 - KMIP Tape Library Profile Version 1.0

Test CaseDescription
TL-M-1-11Configuration
TL-M-2-11Write with new (created) key
TL-M-3-11Read an encrypted tape

KMIP Version 1.1 - Key Management Interoperability Protocol Storage Array with Self-Encrypting Drives Profile Version 1.0

Test CaseDescription
SASED-M-1-11Configuration
SASED-M-2-11Register the authentication key
SASED-M-3-11Retrieve Authentication Key

KMIP Version 1.2 Test Cases Supported

Test CaseDescription
TC-311-12Create / Destroy
TC-312-12Register / Create / Get attributes / Destroy
TC-313-12Create / Locate / Get / Destroy
TC-314-12Dual Client Test Case, ID Placeholder-linked Locate & Get Batch
TC-315-12Register / Destroy Secret Data
TC-32-12Asynchronous Locate
TC-41-12Revoke Scenario
TC-51-12Get Usage Allocation Scenario
TC-61-12Import of a Third-party Key
TC-71-12Unrecognized Message Extension with Criticality Indicator False
TC-72-12Unrecognized Message Extension with Criticality Indicator True
TC-81-12Create a Key Pair
TC-82-12Register Both Halves of a Key Pair
TC-91-12Create a Key, Re-key
TC-92-12Existing Key Expired, Re-key with Same Life-cycle
TC-93-12Existing Key Compromised, Re-key with Same Life-cycle
TC-94-12Create Key, Re-key with New Life-cycle
TC-95-12Obtain Lease for Expired Key
TC-101-12Create a Key, Archive and Recover it
TC-111-12Credential, Operation Policy, Destroy Date
TC-112-12Device Credential, Operation Policy, Destroy Date
TC-121-12Query, Maximum Response Size
TC-122-12Query Vendor Extensions
TC-131-12Register an Asymmetric Key Pair in PKCS1 Format
TC-132-12Register an Asymmetric Key Pair and a Corresponding X509 Certificate
TC-133-12Create, Re-key Key Pair
TC-134-12Register Key Pair, Certify and Re-certify Public Key
TC-141-12Key Wrapping using AES Key Wrap and No Encoding
TC-142-12Key Wrapping using AES Key Wrap with Attributes
TC-151-12Locate a Fresh Object from the Default Group
TC-152-12Client-side Group Management
TC-153-12Default Object Group Member
TC-161-12Discover Versions
TC-171-12Handling of Attributes and Attribute Index Values
TC-181-12Digests of Symmetric Keys
TC-182-12Digests of RSA Private Keys
TC-PGP-1-12Register PGP Key - RSA
TC-MDO-1-12Register MDO Key
TC-MDO-2-12Locate MDO keys by Key Value Present
TC-MDO-3-12Register MDO Key using PKCS11 URI
TC-SJ-1-12Create and Split/Join
TC-SJ-2-12Register and Split / Join
TC-SJ-3-12Join Split Keys
TC-SJ-4-12Register and Split / Join with XOR
TC-NP-1-12Put
TC-NP-2-12Notify & Put
TC-ECC-1-12Register an ECC Key Pair
TC-ECC-2-12Register an ECC Key Pair in PKCS8 Format
TC-ECC-3-12Register an ECC Key Pair and ECDSA Certificate
TC-DERIVEKEY-1-12Derive Symmetric Key HASH
TC-DERIVEKEY-2-12Derive Symmetric Key HMAC
TC-DERIVEKEY-3-12Derive Symmetric Key with secret data
TC-DERIVEKEY-4-12Derive Symmetric Key with secret data
TC-DERIVEKEY-5-12Derive Symmetric Key with secret data
TC-REKEY-1-12Rekey multiple times
TC-AESXTS-1-12Two key encryption
TC-I18N-1-12Unicode characters in attributes values
TC-I18N-2-12Unicode characters in attributes values
TC-I18N-3-12Unicode characters in attributes values and custom attribute names
TC-AESXTS-1-12Two key encryption
TC-I18N-1-12UTF8 character in attribute
TC-I18N-2-12UTF8 character in attribute
TC-I18N-3-12UTF8 character in attribute
TC-REKEY-1-12Rekey multiple times
TC-DERIVEKEY-1-12Derive Symmetric Key
TC-DERIVEKEY-2-12Derive Symmetric Key
TC-DERIVEKEY-3-12Derive Symmetric Key
TC-DERIVEKEY-4-12Derive Symmetric Key
TC-DERIVEKEY-5-12Derive Symmetric Key

KMIP Version 1.2 - Symmetric Key Lifecycle Profile

Test CaseDescription
SKLC-M-1-12Create, GetAttributes, Destroy
SKLC-M-2-12Create, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
SKLC-M-3-12Create, GetAttributes, Activate, GetAttributes, ModifyAttribute, Revoke, GetAttributes, Destroy
SKLC-O-1-12Create, GetAttributes, Destroy, GetAttributes

KMIP Version 1.2 - Symmetric Key Foundry for FIPS 140-2 Profile

Test CaseDescription
SKFF-M-1-12Create, Destroy AES-128
SKFF-M-2-12Create, Destroy AES-192
SKFF-M-3-12Create, Destroy AES-256
SKFF-M-4-12Create, Destroy DES3-168
SKFF-M-5-12Create, Locate, Get, Destroy, Locate AES-128
SKFF-M-6-12Create, Locate, Get, Destroy, Locate AES-192
SKFF-M-7-12Create, Locate, Get, Destroy, Locate AES-256
SKFF-M-8-12Create, Locate, Get, Destroy, Locate DES3-168
SKFF-M-9-12Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-128
SKFF-M-10-12Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-192
SKFF-M-11-12Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-256
SKFF-M-12-12Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-168
SKFF-O-1-12Create, Destroy SKIPJACK-80
SKFF-O-2-12Create, Locate, Get, Destroy, Locate SKIPJACK-80
SKFF-O-3-12Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy SKIPJACK-80
SKFF-O-4-12Create, Destroy DES3-112
SKFF-O-5-12Create, Locate, Get, Destroy, Locate DES3-112
SKFF-O-6-12Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-112

KMIP Version 1.2 - Asymmetric Key Lifecycle Profile Supported

Test CaseDescription
AKLC-M-1-12CreateKeyPair, GetAttributes, GetAttributes, Destroy
AKLC-M-2-12CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-M-3-12CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-O-1-12CreateKeyPair, GetAttributes, Destroy, GetAttributes

KMIP Version 1.2 - KMIP Opaque Managed Object Store Profile

Test CaseDescription
OMOS-M-1-12Register small opaque object
OMOS-O-1-12Register large (>10k) opaque object

KMIP Version 1.2 - KMIP Tape Library Profile Version 1.0

Test CaseDescription
TL-M-1-12Configuration
TL-M-2-12Write with new (created) key
TL-M-3-12Read an encrypted tape

KMIP Version 1.2 - Key Management Interoperability Protocol Storage Array with Self-Encrypting Drives Profile Version 1.0

Test CaseDescription
SASED-M-1-12Configuration
SASED-M-2-12Register the authentication key
SASED-M-3-12Retrieve Authentication Key

KMIP Version 1.2 - KMIP Cryptographic Services Profile Supported

Test CaseDescription
CS-BC-M-1-12Encrypt with New Symmetric Key
CS-BC-M-2-12Decrypt with New Symmetric Key
CS-BC-M-3-12Encrypt and Decrypt with New Symmetric Key
CS-BC-M-4-12Encrypt with Known Symmetric Key
CS-BC-M-5-12Decrypt with Known Symmetric Key
CS-BC-M-6-12Encrypt and Decrypt with Known Symmetric Key
CS-BC-M-7-12Encrypt with Known Symmetric Key with Usage Limits
CS-BC-M-8-12Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding
CS-BC-M-9-12Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding
CS-BC-M-10-12Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC
CS-BC-M-11-12Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and IV
CS-BC-M-12-12Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and IV
CS-BC-M-13-12Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and Random IV
CS-BC-M-14-12Encrypt and Decrypt with Known Symmetric Key Date Checks
CS-RNG-M-1-12RNG Retrieve
CS-RNG-O-1-12Seed RNG with Server Accept
CS-RNG-O-2-12Seed RNG with Server Partial Acceptt
CS-RNG-O-3-12Seed RNG with Server Ignoret
CS-RNG-O-4-12Seed RNG with Server Denyt
CS-AC-M-1-12Sign with Known Asymmetric Key
CS_AC-M-2-12Signature Verify with Known Asymmetric Key
CS-AC-M-3-12Sign and Signature Verify with Known Asymmetric Key
CS-AC-M-4-12MAC with Known Key
CS_AC-M-5-12MAC Verify with Known Key
CS-AC-M-6-12MAC and MAC Verify with Known Key
CS-AC-M-7-12Hash
CS-AC-M-8-12Sign and Signature Verify with Known Asymmetric Key Date Checks

KMIP 1.0, 1.1, 1.2 and 1.3 - KMIP Additional Message Encodings Supported

Test CaseDescription
MSGENC-HTTPS-1-10HTTPS POST: Query, Maximum Response Size
MSGENC-XML-1-10Message Encoding XML: Query, Maximum Response Size (In addition, we have run all above test cases in XML mode.)
MSGENC-JSON-1-10Message Encoding JSON: Query, Maximum Response Size (In addition, we have run all above test cases in JSON mode.)

KMIP 1.0, 1.1, 1.2, and 1.3 - KMIP Suite B Profile Version 1.0

Test CaseDescription
SUITEB_128-M-1-10 Query
SUITEB_192-M-1-10 Query
SUITEB_128-M-1-11 Query
SUITEB_192-M-1-11 Query
SUITEB_128-M-1-12 Query
SUITEB_192-M-1-12 Query

KMIP Version 1.3 Test Cases Supported

Test CaseDescription
TC-CREG-2-13Retrieve Initial Client Credentials
TC-OTP-1-13One Time Pad support
TC-OTP-2-13One Time Pad support
TC-OTP-3-13One Time Pad support
TC-OTP-4-13One Time Pad support
TC-Q-CAP-1-13Query Server Capabilities
TC-Q-CAP-2-13Query Server Capabilities
TC-Q-CREG_1-13Query Server Client Registration Methods
TC-Q-PROF-1-13Query Server supported profiles
TC-Q-PROF-2-13Query Server supported profiles
TC-Q-PROF-3-13Query Server supported profiles
TC-Q-RNGS-1-13Query Server supported RNG
TC-Q-RNGS-2-13Query Server supported RNG
TC-Q-RNGS-3-13Query Server supported RNG
TC-Q-RNGS-4-13Query Server supported RNG
TC-Q-RNGS-5-13Query Server supported RNG
TC-Q-S2C-1-13Server to Client Query client capabilities
TC-Q-S2C-2-13Server to Client Query client supported KMIP protocol versions
TC-Q-S2C-PROF-1-13Server to Client Query client supported profiles
TC-Q-S2C-PROF-2-13Server to Client Query client supported profiles
TC-Q-VAL-1-13Query Server Validations
TC-Q-VAL-2-13Query Server Validations
TC-RNG-ATTR-1-13Register / Get Attributes / Destroy
TC-RNG-ATTR-2-13Register / Get Attributes / Destroy
TC-STREAM-HASH-1-13Streaming) Hash
TC-STREAM-HASH-2-13Streaming) Hash
TC-STREAM-HASH-3-13Streaming) Hash
TC-STREAM-ENC-1-13Streaming) Encrypt with New Symmetric Key
TC-STREAM-ENC-2-13Streaming) Encrypt with Known Symmetric Key
TC-STREAM-ENCDEC-1-13Streaming) Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC
TC-OFFSET-1-13Locate with offset
TC-OFFSET-2-13Locate with offset
TC-DERIVEKEY-1-13Derive Symmetric Key HASH
TC-DERIVEKEY-2-13Derive Symmetric Key HMAC
TC-DERIVEKEY-3-13Derive Symmetric Key with secret data
TC-DERIVEKEY-4-13Derive Symmetric Key with secret data
TC-DERIVEKEY-5-13Derive Symmetric Key with secret data
TC-REKEY-1-13Rekey multiple times
TC-AESXTS-1-13Two key encryption
TC-I18N-1-13Unicode characters in attributes values
TC-I18N-2-13Unicode characters in attributes values
TC-I18N-3-13Unicode characters in attributes values and custom attribute names
TC-AESXTS-1-13Two key encryption
TC-OTP-5-13One Time Pad support
TC-I18N-1-13UTF8 character in attribute
TC-I18N-2-13UTF8 character in attribute
TC-I18N-3-13UTF8 character in attribute
TC-REKEY-1-13Rekey multiple times
TC-DERIVEKEY-1-13Derive Symmetric Key
TC-DERIVEKEY-2-13Derive Symmetric Key
TC-DERIVEKEY-3-13Derive Symmetric Key
TC-DERIVEKEY-4-13Derive Symmetric Key
TC-DERIVEKEY-5-13Derive Symmetric Key

KMIP Version 1.3 - Asymmetric Key Lifecycle Profile Supported

Test CaseDescription
AKLC-M-1-13CreateKeyPair, GetAttributes, GetAttributes, Destroy
AKLC-M-2-13CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-M-3-13CreateKeyPair, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
AKLC-O-1-13CreateKeyPair, GetAttributes, Destroy, GetAttributes

KMIP Version 1.3 - KMIP Opaque Managed Object Store Profile

Test CaseDescription
OMOS-M-1-13Register small opaque object
OMOS-O-1-13Register large (>10k) opaque object

KMIP Version 1.3 - KMIP Tape Library Profile Version 1.0

Test CaseDescription
TL-M-1-13Configuration
TL-M-2-13Write with new (created) key
TL-M-3-13Read an encrypted tape

KMIP Version 1.3 - Symmetric Key Foundry for FIPS 140-2 Profile

Test CaseDescription
SKFF-M-1-13Create, Destroy AES-128
SKFF-M-2-13Create, Destroy AES-192
SKFF-M-3-13Create, Destroy AES-256
SKFF-M-4-13Create, Destroy DES3-168
SKFF-M-5-13Create, Locate, Get, Destroy, Locate AES-128
SKFF-M-6-13Create, Locate, Get, Destroy, Locate AES-192
SKFF-M-7-13Create, Locate, Get, Destroy, Locate AES-256
SKFF-M-8-13Create, Locate, Get, Destroy, Locate DES3-168
SKFF-M-9-13Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-128
SKFF-M-10-13Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-192
SKFF-M-11-13Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy AES-256
SKFF-M-12-13Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-168
SKFF-O-1-13Create, Destroy SKIPJACK-80
SKFF-O-2-13Create, Locate, Get, Destroy, Locate SKIPJACK-80
SKFF-O-3-13Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy SKIPJACK-80
SKFF-O-4-13Create, Destroy DES3-112
SKFF-O-5-13Create, Locate, Get, Destroy, Locate DES3-112
SKFF-O-6-13Create, Get, Activate, Revoke, Locate, Add/Mod/Del Attributes, Destroy DES3-112

KMIP Version 1.3 - Symmetric Key Lifecycle Profile

Test CaseDescription
SKLC-M-1-13Create, GetAttributes, Destroy
SKLC-M-2-13Create, GetAttributes, Activate, GetAttributes, Destroy, Revoke, GetAttributes, Destroy
SKLC-M-3-13Create, GetAttributes, Activate, GetAttributes, ModifyAttribute, Revoke, GetAttributes, Destroy
SKLC-O-1-13Create, GetAttributes, Destroy, GetAttributes

KMIP Version 1.3 - Key Management Interoperability Protocol Storage Array with Self-Encrypting Drives Profile Version 1.0

Test CaseDescription
SASED-M-1-13Configuration
SASED-M-2-13Register the authentication key
SASED-M-3-13Retrieve Authentication Key

KMIP Version 1.3 - KMIP Cryptographic Services Profile Supported

Test CaseDescription
CS-BC-M-1-13Encrypt with New Symmetric Key
CS-BC-M-2-13Decrypt with New Symmetric Key
CS-BC-M-3-13Encrypt and Decrypt with New Symmetric Key
CS-BC-M-4-13Encrypt with Known Symmetric Key
CS-BC-M-5-13Decrypt with Known Symmetric Key
CS-BC-M-6-13Encrypt and Decrypt with Known Symmetric Key
CS-BC-M-7-13Encrypt with Known Symmetric Key with Usage Limits
CS-BC-M-8-13Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding
CS-BC-M-9-13Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding
CS-BC-M-10-13Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC
CS-BC-M-11-13Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and IV
CS-BC-M-12-13Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and IV
CS-BC-M-13-13Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and Random IV
CS-BC-M-14-13Encrypt and Decrypt with Known Symmetric Key Date Checks
CS-RNG-M-1-13RNG Retrieve
CS-RNG-O-1-13Seed RNG with Server Accept
CS-RNG-O-2-13Seed RNG with Server Partial Acceptt
CS-RNG-O-3-13Seed RNG with Server Ignoret
CS-RNG-O-4-13Seed RNG with Server Denyt
CS-AC-M-1-13Sign with Known Asymmetric Key
CS_AC-M-2-13Signature Verify with Known Asymmetric Key
CS-AC-M-3-13Sign and Signature Verify with Known Asymmetric Key
CS-AC-M-4-13MAC with Known Key
CS_AC-M-5-13MAC Verify with Known Key
CS-AC-M-6-13MAC and MAC Verify with Known Key
CS-AC-M-7-13Hash
CS-AC-M-8-13Sign and Signature Verify with Known Asymmetric Key Date Checks

KMIP Version 1.4 - Test Cases Supported

Test CaseDescription
AX-M-1-14Two key encryption
AX-M-2-14Two key encryption
TC-CERTATTR-1-14Certificate attributes
TC-CREG-2-14Client Registration
TC-CS-CORVAL-1-14Server/Client correlation values
TC-CREATE-SD-1-14Create Secret Data Object
TC-DERIVEKEY-1-14Derive Symmetric Key
TC-DERIVEKEY-2-14Derive Symmetric Key
TC-DERIVEKEY-3-14Derive Symmetric Key
TC-DERIVEKEY-4-14Derive Symmetric Key
TC-DERIVEKEY-5-14Derive Symmetric Key
TC-DERIVEKEY-6-14Derive Symmetric Key
TC-I18N-1-14UTF8 character in attribute
TC-I18N-2-14UTF8 character in attribute
TC-I18N-3-14UTF8 character in attribute
TC-ECDSA-SIGN-1-14ECC Key Pair Sign
TC-ECDSA-SIGN-DIGESTEDDATA-1-14ECC Key Pair Sign Digested
TC-RSA-SIGN-DIGESTEDDATA-1-14RSA Key Pair Sign Digested
TC-PKCS12-1-14PKCS#12 Private Key Export
TC-PKCS12-2-14PKCS#12 Private Key Export
TC_STREAM_SIGN_1_14Stream Sign with Asymmetric key
TC-STREAM-SIGNVFY-1-14Stream Sign Verify
TC-REKEY-1-14Rekey multiple times
CS-BC-M-GCM-1-14Encrypt/Decrypt Symmetric Key in GCM
CS-BC-M-GCM-2-14Encrypt/Decrypt Symmetric Key in GCM
CS-BC-M-GCM-3-14Encrypt/Decrypt Symmetric Key in GCM
CS-AC-OAEP-1-14Encrypt OAEP with known Asymmetric key
CS-AC-OAEP-2-14Decrypt OAEP with known Asymmetric key
CS-AC-OAEP-3-14Encrypt OAEP with known Asymmetric key
CS-AC-OAEP-4-14Decrypt OAEP with known Asymmetric key
CS-AC-OAEP-5-14Encrypt OAEP with known Asymmetric key
CS-AC-OAEP-6-14Decrypt OAEP with known Asymmetric key
CS-AC-OAEP-7-14Encrypt OAEP with known Asymmetric key
CS-AC-OAEP-8-14Decrypt OAEP with known Asymmetric key
CS-AC-OAEP-9-14Encrypt OAEP with known Asymmetric key
CS-AC-OAEP-10-14Decrypt OAEP with known Asymmetric key
Secure KMIP Client SDK Export Compliance
We have some good news regarding compliance with U.S. export controls!
P6R has obtained a Commodity Classification (Form BIS-6002L ~ CCATS No. G154787) from the Commerce Department's Bureau of Industry and Security confirming that the SKC Secure KMIP Client SDK is classified under Export Control Classification Number 5D002.c.1 on the Commerce Control List of the Export Administration Regulations (EAR).
As a result, SKC Secure KMIP Client SDK software now is eligible for export under the provisions of License Exception ENC/Unrestricted, pursuant to Section 740.17(b)(3) of the EAR. As such, SKC Secure KMIP Client SDK software may be exported and reexported to all countries except Cuba, Iran, North Korea, Syria and Sudan, subject to the standard restrictions on end-user and end-use described in the EAR. For more information regarding the use of License Exception ENC and other requirements of the EAR, please visit the Bureau of Industry and Security's website www.bis.doc.gov or contact their offices directly: Bureau of Industry and Security, Washington, D.C. (202) 482-4811
If you need further assistance or have more questions about SKC Secure KMIP Client SDK's export compliance, please Contact Us.

Licensing and Upgrades


Our "Develop Anywhere / Deploy Anywhere"™ License Highlights

  • Per-product license, no per developer costs.
  • Royalty free runtime. The DLLs can be redistributed royalty free with your product on any supported platforms.
  • One license covers all platforms. No need to purchase a license for each platform.
  • Includes 1 year of support and upgrade maintenance (support through our Helpdesk)
Our products and this license are designed to enable you to develop, test and deploy your solutions on any platform or platforms (that we support) without per-seat or per-platform restrictions.
                        P6R Software Library License Agreement v2.2

                        PLEASE READ THIS SOFTWARE LICENSE AGREEMENT CAREFULLY BEFORE
                        DOWNLOADING OR USING THE SOFTWARE.

                        BY DOWNLOADING, INSTALLING, COPYING, CLICKING ON THE "I ACCEPT
                        THE AGREEMENT" BUTTON DURING INSTALLATION, OR OTHERWISE USING
                        THE SOFTWARE, YOU ARE CONSENTING TO BE BOUND BY THIS AGREEMENT.
                        IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, CLICK
                        THE "I DO NOT ACCEPT THE AGREEMENT" BUTTON AND THE INSTALLATION
                        PROCESS WILL NOT CONTINUE.  DESTROY ALL COPIES OF THE SOFTWARE
                        (INCLUDING THE ORIGINAL) PROVIDED TO THE LICENSEE AND CONTACT P6R
                        INC, FOR A FULL REFUND, OR DO NOT DOWNLOAD THE PRODUCT.

                        1. Definitions

                        a) "Software" is defined as all materials in the
                        product distribution, including, but not limited to:
                        documentation, source code, header files, dynamic-link libraries,
                        shared libraries, static libraries, object code, executables,
                        makefiles, scripts, example source code, and license files.

                        b) "Redistributable Software" are files listed in the redist.txt
                        file included with the Software.  The files listed in
                        redist.txt comprise the binary runtime components and support files
                        necessary to deploy applications built with the Software into
                        an end user environment.

                        c) "Licensee" shall refer to the individual licensee, either
                        individual programmer or company or other organization.

                        d) "Documentation" is any explanatory written material included
                        with the Software or available on P6R Inc's website in relation
                        to the Software.


                        2. General

                        The Software is owned by P6R, Inc. and is protected under US
                        copyright laws and international treaties. The Software is
                        licensed not sold, and P6R, Inc. reserves all rights not
                        expressly granted to the Licensee in this Agreement.  Ownership
                        of intellectual property rights in the Software shall at all
                        times remain with P6R, Inc.


                        3. License.

                        a) Software License.
                        Subject to payment of the fee required for the license and the
                        terms and conditions set forth in this Agreement, P6R, Inc. hereby
                        grants to Licensee a perpetual, non-exclusive, non-transferable,
                        limited worldwide license (a) to use the Software in a single
                        product and, (b) to use the Documentation (on and off-line).

                        c) Redistribution
                        Licensee's are also granted the right to reproduce and redistribute
                        the Redistributable Software only as part of Licensee's product
                        on a royalty-free basis to any number of end users as well as
                        Licensee's authorized distributers, worldwide, subject to the
                        restrictions set forth in section (4) "License Restrictions" below.

                        d) Example Code License
                        In addition, P6R, Inc. hereby grants to Licensee a perpetual,
                        non-exclusive, non-transferable, limited worldwide license
                        to use, modify, and redistribute the example code only when
                        incorporated into the Licensee's product(s) in binary form.

                        e) Trial License
                        Copies of the Software downloaded or otherwise obtained for
                        evaluation are subject to the following conditions:  The
                        Licensee may install one copy of the Software for the purpose
                        of evaluation for a period of thirty (30) days from the
                        initial download date.  Upon expiration of the evaluation
                        time, the Software must be erased from the computer.  Under
                        no circumstances may the trial software be used for
                        commercial/production purposes. The Software may include
                        mechanisms to enforce the license terms and stop functioning
                        when the 30 day evaluation period has been completed.

                        4. License Restrictions

                        a) Licensee may not reverse engineer, decompile, or disassemble,
                        any binary form of any portion of the Software.

                        b) Licensee can not transfer, rent, lease, or sublicense the
                        Software, or any portions thereof.

                        c) Licensee can not change or remove the copyright notice from
                        any of the files included in the Software.

                        d) Licensee may only distribute the Redistributable Software as
                        part of a software application or development library produced
                        by the Licensee that adds significant primary functionality to
                        the Redistributable Software. LICENSEE MAY NOT, UNDER ANY
                        CIRCUMSTANCES, DISTRIBUTE THE SOFTWARE AS PART OF A PRODUCT
                        WHICH CONTAINS THE SAME, OR SUBSTANTIALLY THE SAME,
                        FUNCTIONALITY AS THE SOFTWARE.

                        e) Licensee may not distribute the Redistributable Software in
                        any software development product or toolkit meant for use by other
                        developers other than the Licensee(s) that contains the same, or
                        substantially the same, functionality as the Software.

                        f) Applications created by the Licensee that include the
                        Redistributable Software must be distributed with terms no less
                        protective of the Software and Redistributable Software than
                        those contained herein.

                        5. DISCLAIMER OF EXPRESS AND IMPLIED WARRANTIES

                        THE SOFTWARE IS LICENSED "AS IS", WITH ALL FAULTS. THERE ARE NO
                        WARRANTIES, EXPRESS OR IMPLIED. THE ENTIRE RISK AS TO THE QUALITY
                        AND PERFORMANCE OF THE SOFTWARE IS WITH THE LICENSEE. SHOULD THE
                        SOFTWARE PROVE DEFECTIVE, THE LICENSEE AND NOT P6R, INC. ASSUMES
                        THE ENTIRE COST OF ALL NECESSARY REVISION, MODIFICATION OR OTHER
                        CORRECTIVE MEASURES. IN PARTICULAR AND WITHOUT LIMITATION, THE
                        SOFTWARE IS LICENSED WITH NO IMPLIED WARRANTY OF MERCHANTABILITY,
                        NO IMPLIED WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, NO
                        IMPLIED WARRANTY OF NON-INFRINGEMENT OF INTELLECTUAL PROPERTY
                        RIGHTS,	NO IMPLIED WARRANTY BASED UPON COURSE OF PRIOR DEALING,
                        AND NO IMPLIED WARRANTY BASED UPON USAGE OF TRADE. FURTHER,
                        P6R, INC. DOES NOT WARRANT THAT THE OPERATION OF THE SOFTWARE
                        WILL BE UNINTERRUPTED OR ERROR-FREE, AND THE LICENSEE
                        ACKNOWLEDGES THAT IT IS NOT TECHNOLOGICALLY PRACTICABLE FOR
                        P6R, INC. TO DO SO.


                        6.	  LIMITATION OF DAMAGES AND REMEDIES

                        IF A LICENSEE IS FOR ANY REASON DISSATISFIED WITH THE SOFTWARE,
                        THAT LICENSEE MAY GIVE NOTICE TO P6R, INC. WITHIN 30 DAYS OF
                        LICENSURE AND OBTAIN A FULL REFUND OF THE LICENSE FEE ACTUALLY
                        PAID TO AND RECEIVED BY P6R, INC.  THIS RIGHT TO GIVE NOTICE
                        EXPIRES 30 DAYS FROM LICENSURE, REGARDLESS WHETHER THE 30TH
                        DAY FALLS ON A SATURDAY, SUNDAY OR HOLIDAY.  IMMEDIATELY UPON
                        GIVING SUCH NOTICE, LICENSEE SHALL DESTROY OR RETURN TO
                        P6R, INC. ALL COPIES OF THE SOFTWARE, EXCEPT INSOFAR AS
                        PORTIONS OF THE SOFTWARE HAVE ALREADY BEEN LAWFULLY
                        INCORPORATED IN LICENSEE'S OWN WORK PRODUCT WHICH HAS BEEN
                        SOLD AND DELIVERED TO THIRD PARTIES.  EXCEPT AS EXPRESSLY
                        PROVIDED IN THIS PARAGRAPH, P6R, INC. SHALL NOT BE LIABLE FOR
                        ANY CLAIM, ASSERTED BY THE LICENSEE OR BY THIRD PARTIES,
                        ARISING UNDER BREACH OF WARRANTY OR ANY OTHER LEGAL OR
                        EQUITABLE THEORY, WHETHER FOR INCIDENTAL OR CONSEQUENTIAL
                        DAMAGES, LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS
                        OF BUSINESS INFORMATION, PERSONAL INJURY, OR OTHERWISE, ARISING
                        OUT OF THE LICENSE, THE USE OF THE SOFTWARE, OR THE INABILITY TO
                        USE THE SOFTWARE, EVEN IF P6R, INC. HAS BEEN ADVISED OF THE
                        POSSIBILITY OF SUCH CLAIM OR DAMAGES.  LICENSEE'S AND THIRD
                        PARTIES' EXCLUSIVE REMEDY FOR ANY AND ALL CLAIMS ARISING IN
                        CONNECTION WITH THE LICENSE OR THE SOFTWARE SHALL BE RECOVERY OF
                        THE LICENSE FEE ACTUALLY PAID TO AND RECEIVED BY P6R, INC.  THIS
                        LICENSE PROVIDES SPECIFIC LEGAL RIGHTS, AND THE LICENSEE MAY ALSO
                        HAVE OTHER RIGHTS THAT VARY FROM STATE TO STATE.


                        7. UNAUTHORIZED USE

                        THE SOFTWARE IS NOT DESIGNED, AUTHORIZED OR INTENDED FOR USE IN
                        ANY TYPE OF SYSTEM OR APPLICATION IN WHICH THE FAILURE OF THE
                        SOFTWARE COULD CAUSE PERSONAL INJURY OR DEATH (EG. ANY
                        TYPE OF MEDICAL SYSTEMS, IN THE DESIGN, CONSTRUCTION, OPERATION
                        OR MAINTENANCE OF ANY NUCLEAR FACILITY OR WEAPONS SYSTEMS, IN
                        THE CONTROL OF AIRCRAFT, AIRCRAFT COMMUNICATION, AIR-TRAFFIC,
                        AND AIRCRAFT NAVIGATION).  THE LICENCEE REPRESENTS AND WARRANTS
                        THAT IT WILL NOT USE OR REDISTRIBUTE THE SOFTWARE FOR SUCH
                        PURPOSES.


                        8. Promotional Materials and Publicity

                        You authorize P6R Inc. to use Your name and trademarks
                        in P6R's promotional materials and for publicity purposes.
                        You can opt-out at any time by writing to:.


                        9. Export Controls

                        It is the Licensee's responsibility to comply with all United
                        States Department of Commerce regulations and with the United
                        States Export Administration Act to insure that the Software is
                        not exported in violation of United States law.


                        10. Termination

                        P6R, Inc. may terminate this agreement at any time if the Licensee
                        is in breach of any of its terms and conditions.  Upon termination
                        the Licensee will immediately return to P6R, Inc. or destroy all
                        copies of the Software, except insofar as portions of the Software
                        have already been lawfully incorporated in licensee's own work
                        product which has been sold and delivered to third parties.  The
                        provisions of sections 1, 2, 4, 5, 6, 7, 8, and 9 will survive any
                        termination of this License Agreement.


                        11. Miscellaneous

                        a) Governing Laws.
                        This Agreement shall be governed by the laws  of the United States
                        of America and of the State of California without regard to
                        California's conflicts of law rules.

                        b) Assignability.
                        Except as otherwise provided in this Agreement,
                        Licensee may not sell, assign or delegate any rights or
                        obligations under this Agreement.

                        c) Headings.
                        Headings are used in this Agreement for reference and convenience
                        only and shall not be considered when interpreting this Agreement.

                        g) Severability.
                        If any provision of this Agreement is found to
                        be illegal or unenforceable, the other provisions shall remain
                        effective and enforceable to the greatest extent permitted by law.

                        h) Interpretation
                        Each term of this Agreement shall be interpreted in accordance with
                        its fair and natural meaning, without regard to any rule of strict
                        construction against the party who drafted it.

                        i) Entire Agreement

                        This Software License Agreement sets forth the entire agreement
                        between the parties with regard to the subject matter hereof.  All
                        agreements, covenants, representations and warranties of the parties,
                        express and implied, oral and written, with regard to the subject
                        matter hereof are contained herein.  No other agreement, covenants,
                        representations or warranties, express or implied, oral or written,
                        have been made by any party to another with regard to the subject
                        matter hereof.  All prior and contemporaneous conversations,
                        negotiations, possible and alleged agreements and representations,
                        covenants and warranties with respect to the subject matter hereof
                        are hereby waived, merged herein and superseded by this Software
                        License Agreement.  This is an integrated Software License Agreement.