An Open Source Implementation of the Key Management Interoperability Protocol (KMIP)
The Key Management Interoperability Protocol (KMIP) defines the communication between a Key Lifecycle Management System (KLMS) and its clients. Some companies have been working with proprietary implementations of KMIP in different programming languages for a while, but up until now, no open-source solution existed. KMIP4J is an open-source implementation of KMIP in Java.
Files
There are six different Zip-Files available:
kmip4j-bin-1.0 (binaries with config files)
kmip4j-src-1.0 (sources of the kmip-library "kmip4j")
kmip4j-src-client-gui-1.0 (sources of our KMIP Client GUI as test client)
kmip4j-src-simple-client-examle-1.0 (sources of how to implement a simple client)
kmip4j-src-simple-server-examle-1.0 (sources of how to implement a simple server)
kmip4j-src-test-environment-1.0 (complete sources of the test environment with Client-GUI, KMIP-Library and KLMS-server
Last edit: MeileGuster 2013-09-20
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In the binary-zip-file you will find a simple example of a KMIP-Client. It uses the KMIP library to create a request for its KLMS. The KMIP objects and attributes are created and then filled into the KMIPContainer. In the code of the client example, the client creates a request for a “Create” operation. The KLMS is asked to create a symmetric key of 128 bits used for encryption and decryption (0x0C of Usage Mask) with the AES algorithm. The response KMIPContainer is then printed to the console.
To configure the project, the library “kmip4j.jar” needs to be added to the build path. Additionally, the configuration files “StubConfig.xml” and “log4j-1.2.17.xml” have to be appended as you can see in the figure below.
If you want to communicate with HTTPS, you additionally need a Java-keystore with a certificate, which you can define in the “StubConfig.xml”-File.
Last edit: MeileGuster 2013-09-16
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In the binary-zip-file you will also find an example how to embed the KMIP-Library on the server-side.
As a Web-Application-Server, we used Apache Tomcat v7.0, which is not included in our zip-file.
First of all, you need to add the "kmip4j.jar" to your buildpath. Make sure that the jar-files are placed in the ".../WEB-INF/lib/"-folder, as you can see in the following project-structure.
As you can see in KMIPServlet.java -> initClasses(...), you then just need to write an Adapter for your Key Lifecycle Management System (KLMS) and instanciate a KMIPSkeleton with your Adapter and the fully qualified names of your Encoder and Decoder as transfer parameters.
If you want to communicate with HTTPS, you additionally need a Java-keystore with a certificate, which you can define in the “web.xml”- and your "server.xml"-File. Therefore, you will find these configuration files in the binary-zip-file as well.
Last edit: MeileGuster 2013-09-16
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In the zip-file "kmip4j-src-test-environment-1.0" are all sources of our KMIP-Implementation, including the KMIP-Client-GUI, KMIP-Library, Web-Application-Server-Project, a minimal Key Lifecycle Management System (KLMS) and its Database.
In order to properly configure and run the system, follow the instructions below:
Import projects from "kmip4j-src-test-environment-1.0.zip" into your workspace
Download Apache Tomcat and define it as Runtime Environment (Eclipse: Window > Preferences > Server > Runtime Environments > Add..
Replace the "server.xml"-file in the tomcats directory "../conf/" with the one from the "kmip4j-bin-1.0.zip/config/"
Create a keystore with a certificate and modify the fully qualified path name and the password of the keystore in the "server.xml" and "web.xml". Alternatively you can use the keystore from "kmip4j-bin-1.0.zip/config/"
Open the Ant-View (Eclipse: Window > Show View > Ant), Drag and Drop the "build.xml"-file from the KLMSDB-Project into the view, initialize and start the database with the corresponding targets.
Start the KMIPWebAppServer (Eclipse: Run As > Run on Server)
Start the KMIPClientGUI.java (Eclipse: Run as > Java Application)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
As you can see below in the system architecture of the complete test environment ( "kmip4j-src-test-environment-1.0"), the important components implement an interface for the interchangeability.
If you want to extend the KMIP-Implementation or exchange a component, you just need to:
implement the corresponding interface
place it in the right package
modify the configuration files "ch.ntb.inf.kmip.stub.StubConfig.xml" and "web.xml"
test your component with the test environment
build the KMIP-Library (kmip4j.jar) with the Eclipse-Plugin Fat Jar. The KMIP-Library only includes the following files:
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Getting started with KMIP4J
An Open Source Implementation of the Key Management Interoperability Protocol (KMIP)
The Key Management Interoperability Protocol (KMIP) defines the communication between a Key Lifecycle Management System (KLMS) and its clients. Some companies have been working with proprietary implementations of KMIP in different programming languages for a while, but up until now, no open-source solution existed. KMIP4J is an open-source implementation of KMIP in Java.
Files
There are six different Zip-Files available:
Last edit: MeileGuster 2013-09-20
Simple Client
In the binary-zip-file you will find a simple example of a KMIP-Client. It uses the KMIP library to create a request for its KLMS. The KMIP objects and attributes are created and then filled into the KMIPContainer. In the code of the client example, the client creates a request for a “Create” operation. The KLMS is asked to create a symmetric key of 128 bits used for encryption and decryption (0x0C of Usage Mask) with the AES algorithm. The response KMIPContainer is then printed to the console.
To configure the project, the library “kmip4j.jar” needs to be added to the build path. Additionally, the configuration files “StubConfig.xml” and “log4j-1.2.17.xml” have to be appended as you can see in the figure below.
If you want to communicate with HTTPS, you additionally need a Java-keystore with a certificate, which you can define in the “StubConfig.xml”-File.
Last edit: MeileGuster 2013-09-16
Server Example
In the binary-zip-file you will also find an example how to embed the KMIP-Library on the server-side.
As a Web-Application-Server, we used Apache Tomcat v7.0, which is not included in our zip-file.
First of all, you need to add the "kmip4j.jar" to your buildpath. Make sure that the jar-files are placed in the ".../WEB-INF/lib/"-folder, as you can see in the following project-structure.
As you can see in KMIPServlet.java -> initClasses(...), you then just need to write an Adapter for your Key Lifecycle Management System (KLMS) and instanciate a KMIPSkeleton with your Adapter and the fully qualified names of your Encoder and Decoder as transfer parameters.
If you want to communicate with HTTPS, you additionally need a Java-keystore with a certificate, which you can define in the “web.xml”- and your "server.xml"-File. Therefore, you will find these configuration files in the binary-zip-file as well.
Last edit: MeileGuster 2013-09-16
How to use the complete test environment
In the zip-file "kmip4j-src-test-environment-1.0" are all sources of our KMIP-Implementation, including the KMIP-Client-GUI, KMIP-Library, Web-Application-Server-Project, a minimal Key Lifecycle Management System (KLMS) and its Database.
In order to properly configure and run the system, follow the instructions below:
Interchangeability
As you can see below in the system architecture of the complete test environment ( "kmip4j-src-test-environment-1.0"), the important components implement an interface for the interchangeability.
If you want to extend the KMIP-Implementation or exchange a component, you just need to: