Skip to content

akeylesslabs/go-kmip

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

108 Commits
.github
.github
 
 
kmip20
kmip20
 
 
.gitignore
.gitignore
 
 
.golangci.yml
.golangci.yml
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
attribute.go
attribute.go
 
 
auth.go
auth.go
 
 
certificates.go
certificates.go
 
 
client.go
client.go
 
 
consts.go
consts.go
 
 
decode.go
decode.go
 
 
decode_core.go
decode_core.go
 
 
decode_test.go
decode_test.go
 
 
doc.go
doc.go
 
 
encode.go
encode.go
 
 
encode_core.go
encode_core.go
 
 
encode_test.go
encode_test.go
 
 
errors.go
errors.go
 
 
fields.go
fields.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
hooks.go
hooks.go
 
 
keyblock.go
keyblock.go
 
 
keys.go
keys.go
 
 
operations.go
operations.go
 
 
payload_registry.go
payload_registry.go
 
 
request.go
request.go
 
 
request_test.go
request_test.go
 
 
response.go
response.go
 
 
server.go
server.go
 
 
server_test.go
server_test.go
 
 
tls.go
tls.go
 
 
tls_test.go
tls_test.go
 
 
types.go
types.go
 
 

Repository files navigation

go-kmip

Build Status codecov Documentation Go Report Card

go-kmip implements a subset of the KMIP 1.4 and KMIP 2.0 protocols.

Basic TTLV encoding/decoding is fully implemented, as well as the basic client/server operations. Other operations and fields could be implemented by adding required Go structures with KMIP tags.

KMIP protocol is used to access KMS solutions: generating keys, certificates, accessing stored objects, etc.

KMIP is using TTLV-like encoding, which is implemented in this packaged as encoding/decoding of Go struct types. Go struct fields are annotated with kmip tags which specify KMIP tag names. Field is encoded/decoded according to its tag, type.

Two high-level objects are implemented: Server and Client. Server listens for TLS connections, does initial handshake and processes batch requests from the clients. Processing of specific operations is delegated to operation handlers. Client objects establishes connection with the KMIP server and allows sending any number of requests over the connection.

This package doesn't implement any actual key processing or management - it's outside the scope of this package.

KMIP 2.0 support

This branch adds initial KMIP 2.0 payload support alongside the existing 1.x implementation.

  • A new subpackage kmip20 registers KMIP 2.0 request/response payloads at init-time.
  • Import it for side effects to enable 2.0 encoding/decoding:
import (
    "github.com/akeylesslabs/go-kmip"
    _ "github.com/akeylesslabs/go-kmip/kmip20" // register KMIP 2.0 payloads
)

  • Currently covered KMIP 2.0 operations:

    • Create
    • CreateKeyPair
    • Get
    • Register
    • Locate
    • SetAttribute
    • AdjustAttribute
    • ReKey
    • AddAttribute
    • ModifyAttribute
    • DeleteAttribute

  • Notable 2.0 payload differences:

    • Uses the ATTRIBUTES structure (container of ATTRIBUTE items) instead of 1.x TEMPLATE_ATTRIBUTE.
    • CreateKeyPair accepts COMMON_ATTRIBUTES, PRIVATE_KEY_ATTRIBUTES, PUBLIC_KEY_ATTRIBUTES.

  • Backward compatibility:

    • 1.x payloads remain the default; registering 2.0 payloads does not replace 1.4 payloads.
    • Decoding/encoding chooses payloads based on the ProtocolVersion in the KMIP header.
    • For some operations (e.g., Get, ReKey, Add/Modify/Delete Attribute), KMIP 2.0 reuses the 1.x payload structures; kmip20 registers factories to select those under 2.0.

Minimal example (KMIP 2.0 Create)

package main

import (
    "bytes"
    "github.com/akeylesslabs/go-kmip"
    "github.com/akeylesslabs/go-kmip/kmip20"
)

func main() {
    req := kmip.Request{
        Header: kmip.RequestHeader{ // build header with KMIP 2.0
            Version:    kmip.ProtocolVersion{Major: 2, Minor: 0},
            BatchCount: 1,
        },
        BatchItems: []kmip.RequestBatchItem{
            {
                Operation: kmip.OPERATION_CREATE,
                RequestPayload: kmip20.CreateRequest{
                    ObjectType: kmip.OBJECT_TYPE_SYMMETRIC_KEY,
                    Attributes: kmip20.Attributes{},
                },
            },
        },
    }
    var buf bytes.Buffer
    _ = kmip.NewEncoder(&buf).Encode(req)
}

License

This code is licensed under MPL 2.0.

About

KMIP protocol implementation in Go

Resources

Readme

License

MPL-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases 10

Support KMIP v2.0 Latest
May 24, 2026
+ 9 releases

Packages

 
 
 

Contributors

Languages

  • Go 99.9%
  • Makefile 0.1%