Get Key Wrap Type Anthony Berglas Mark Joseph
Problem Re-Statement • Context: Register a wrapped key where the wrapping key is available • Get without a key wrapping specification returns wrapped key exactly as per the registration • Get without a key wrapping specification returns unwrapped key • Get with a (different) key wrapping specification unwraps and re-wraps key • General agreement that the specification does not require or preclude any of these options, and the “correct” handling depends on things outside the specification, although some views of “correct” are “more correct” than others.
Problem Reiteration • Inconsistency in server behavior for a client • Partial Solution: detect what will happen via Query. • Still doesn’t solve what a client wants • Additional Solution: Let the client specify what they want
New Key Wrap Type on Get operation • Not Wrapped – Always return the plaintext key value • As Registered – Return the value as it was specified in Register
Example
<BatchItem>
  <Operation type="Enumeration" value="Get"/>
  <RequestPayload>
    <UniqueIdentifier type="TextString" value="…"/>
    <KeyFormatType type="Enumeration" value="Raw"/>
    <KeyWrapType type="Enumeration" value="NotWrapped"/>
  </RequestPayload>
</BatchItem>
Result Reason Error Codes • Could Not Unwrap if a Not Wrapped request could not be satisfied • Not As Registered if the server could not support this option • In either case the operation fails without attempting to return an incorrect value
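A sketch of the server-side decision these slides describe, added here as an example (it is not code from the presentation or from any KMIP implementation). The `StoredKey` record, the `get_key` function and the XOR `toy_unwrap` stand-in for a real key-wrap algorithm are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional


class GetFailed(Exception):
    """Get failed; `reason` holds the Result Reason named on the slide."""

    def __init__(self, reason: str):
        super().__init__(reason)
        self.reason = reason


def toy_unwrap(wrapped: bytes, kek: bytes) -> bytes:
    # Assumption: repeating-key XOR stands in for a real key-wrap algorithm.
    return bytes(b ^ kek[i % len(kek)] for i, b in enumerate(wrapped))


@dataclass
class StoredKey:
    registered: Optional[bytes]        # bytes exactly as sent in Register, if retained
    wrapping_key_id: Optional[str]     # None when the key was registered unwrapped
    plaintext: Optional[bytes] = None  # unwrapped copy, if the server keeps one


def get_key(obj: StoredKey, key_wrap_type: str, keks: Dict[str, bytes]) -> bytes:
    """Return exactly what the client asked for, or fail; never substitute."""
    if key_wrap_type == "AsRegistered":
        if obj.registered is None:
            raise GetFailed("Not As Registered")
        return obj.registered
    if key_wrap_type == "NotWrapped":
        if obj.plaintext is not None:
            return obj.plaintext
        if obj.registered is None:
            raise GetFailed("Could Not Unwrap")
        if obj.wrapping_key_id is None:
            return obj.registered          # registered unwrapped already
        kek = keks.get(obj.wrapping_key_id)
        if kek is None:                    # wrapping key not available to the server
            raise GetFailed("Could Not Unwrap")
        return toy_unwrap(obj.registered, kek)
    raise ValueError(f"unknown Key Wrap Type: {key_wrap_type}")


# Constructed sample data (not from the slides).
KEK = bytes.fromhex("5aa53cc3")
KEY = bytes(range(16))
WRAPPED = toy_unwrap(KEY, KEK)             # XOR is its own inverse
OBJ = StoredKey(registered=WRAPPED, wrapping_key_id="kek-1")
```

Both failure paths raise instead of falling back to the other representation, so a client never mistakes wrapped bytes for plaintext key material or the reverse.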
Conclusion Simple solution to allow a client to have confidence that a server will return what it expects