The Key Management Interoperability Protocol (KMIP) defines the communication between a Key Lifecycle Management System (KLMS) and its clients. Some companies have been working with proprietary implementations of KMIP in different programming languages for a while, but up until now, no open-source solution existed. KMIP4J is an open-source implementation of KMIP in Java.
There are six different Zip-Files available:
In the binary-zip-file you will find a simple example of a KMIP-Client. It uses the KMIP library to create a request for its KLMS. The KMIP objects and attributes are created and then placed into the KMIPContainer. In the client example code, the client creates a request for a “Create” operation: the KLMS is asked to create a 128-bit symmetric key for the AES algorithm, to be used for encryption and decryption (Usage Mask 0x0C). The response KMIPContainer is then printed to the console.
To configure the project, the library “kmip4j.jar” needs to be added to the build path. Additionally, the configuration files “StubConfig.xml” and “log4j-1.2.17.xml” have to be added, as you can see in the figure below.
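To show what such a “Create” request looks like on the wire, the following added example (not KMIP4J code and not part of the original page) encodes the request payload described above in the TTLV format of the KMIP specification. The class and method names are hypothetical, and the tag, type and enumeration values are taken from the KMIP specification rather than from KMIP4J.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Added example: TTLV encoding (KMIP specification) of a Create request payload.
// Class and method names are hypothetical; this is not the KMIP4J API.
public class KmipCreateTtlv {
    static final int STRUCTURE = 0x01, INTEGER = 0x02, ENUMERATION = 0x05, TEXT_STRING = 0x07;

    // One TTLV item: 3-byte tag, 1-byte type, 4-byte length, value padded to a multiple of 8.
    static byte[] ttlv(int tag, int type, byte[] value) {
        int padded = (value.length + 7) / 8 * 8;
        ByteBuffer b = ByteBuffer.allocate(8 + padded);   // big-endian by default
        b.put((byte) (tag >> 16)).put((byte) (tag >> 8)).put((byte) tag);
        b.put((byte) type).putInt(value.length).put(value);
        return b.array();                                 // remaining bytes are zero padding
    }
    static byte[] int32(int v) { return ByteBuffer.allocate(4).putInt(v).array(); }
    static byte[] concat(byte[]... parts) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (byte[] p : parts) out.write(p, 0, p.length);
        return out.toByteArray();
    }
    // Attribute structure: Attribute Name (text) followed by Attribute Value.
    static byte[] attribute(String name, int valueType, int value) {
        return ttlv(0x420008, STRUCTURE, concat(
            ttlv(0x42000A, TEXT_STRING, name.getBytes(StandardCharsets.UTF_8)),
            ttlv(0x42000B, valueType, int32(value))));
    }
    // Request Payload for Create: Object Type followed by Template-Attribute.
    static byte[] createPayload(int algorithm, int bits, int usageMask) {
        return ttlv(0x420079, STRUCTURE, concat(
            ttlv(0x420057, ENUMERATION, int32(0x02)),     // Object Type: Symmetric Key
            ttlv(0x420091, STRUCTURE, concat(
                attribute("Cryptographic Algorithm", ENUMERATION, algorithm),
                attribute("Cryptographic Length", INTEGER, bits),
                attribute("Cryptographic Usage Mask", INTEGER, usageMask)))));
    }
    public static void main(String[] args) {
        int encrypt = 0x04, decrypt = 0x08;               // usage mask bits; together 0x0C
        byte[] payload = createPayload(0x03 /* AES */, 128, encrypt | decrypt);
        StringBuilder hex = new StringBuilder();
        for (byte x : payload) hex.append(String.format("%02x", x));
        System.out.println(hex);                          // hex dump of the encoded payload
    }
}
```

The usage mask is a bit field, so a key requested with 0x0C can be used for encryption and decryption only; a server-side adapter can compare the requested mask against what a client is allowed to ask for before creating the key.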
If you want to communicate with HTTPS, you additionally need a Java-keystore with a certificate, which you can define in the “StubConfig.xml”-File.
In the binary-zip-file you will also find an example of how to embed the KMIP-Library on the server side.
As a Web-Application-Server, we used Apache Tomcat v7.0, which is not included in our zip-file.
First of all, you need to add the "kmip4j.jar" to your build path. Make sure that the jar-files are placed in the ".../WEB-INF/lib/"-folder, as you can see in the following project-structure.
As you can see in KMIPServlet.java -> initClasses(...), you then just need to write an Adapter for your Key Lifecycle Management System (KLMS) and instantiate a KMIPSkeleton with your Adapter and the fully qualified names of your Encoder and Decoder as transfer parameters.
If you want to communicate with HTTPS, you additionally need a Java-keystore with a certificate, which you can define in the “web.xml”- and your "server.xml"-File. For this purpose, you will find these configuration files in the binary-zip-file as well.
The zip-file "kmip4j-src-test-environment-1.0" contains all sources of our KMIP-Implementation, including the KMIP-Client-GUI, KMIP-Library, Web-Application-Server-Project, a minimal Key Lifecycle Management System (KLMS) and its Database.
In order to properly configure and run the system, follow the instructions below:
As you can see below in the system architecture of the complete test environment ("kmip4j-src-test-environment-1.0"), the important components each implement an interface so that they can be exchanged.
If you want to extend the KMIP-Implementation or exchange a component, you just need to: