Cryptographic Usage Mask Nitin Jain Safenet Usage Mask

Cryptographic Usage Mask Nitin Jain ( Safenet )

Usage Mask Table Currently in KMIP spec usage masks are not briefed clearly under Cryptographic Usage Mask attribute. Add below table in KMIP spec to understand the usage masks with example. Note: Request to remove Usage Masks marked with red. Usage Mask Description Example 1 Sign Key can be used for Signing the Data. Private Key 2 Verify Key can be used for Verification of Data. Public Key 3 Encrypt Key can be used to Encrypt the Data. Symmetric and Public Key 4 Decrypt Key can be used to Decrypt the Data. Symmetric and Private Key 5 Wrap Key can be used to Wrap a Key. Symmetric Key 6 Unwrap Key can be used to Unwrap a Key. Symmetric Key 7 Export This is ambiguous but one thing for sure that this is not for exporting the Key Material (should be deprecated and removed from spec) 8 MAC Generate Key can be used to MAC the Data. Symmetric Key 9 MAC Verify Key can be used to MAC Verify the Data. Symmetric Key 10 Derive Key can be used to Derive a Key. Symmetric Key and Secret Data

Usage Mask Table Usage Mask Description Example 11 Content Commitment Key can be used for verify digital signatures. Public Key 12 Key Agreement Key can be used for key agreement. Public Key 13 Certificate Sign Key can be used for verifying signatures on public key certificates. Public Key 14 CRL Sign Key can be used for verifying signatures on certificate revocation lists Public Key 15 Generate Cryptogram 16 Validate Cryptogram 17 Translate Encrypt 18 Translate Decrypt 19 Translate Wrap 20 Translate Unwrap Should be deprecated and removed from spec