HyTrust and Cryptsoft recently announced that HyTrust is using Cryptsoft’s KMIP technology in our KeyControl encryption key management solution, which is part of our DataControl Cloud Encryption product. You can read the press release here:
So what is KMIP? There have been many attempts over the years to produce a key management standard allowing encryption products to communicate with an external key management solution for key creation, storage and retrieval. After IEEE 1913 failed in 2010, the Key Management Interoperability Protocol (KMIP) standard was introduced in October of the same year. The landing page for KMIP can be found here:
KMIP is actually a communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. Keys may be created on a server and then retrieved, possibly wrapped by other keys. Both symmetric and asymmetric keys are supported, including the ability to sign certificates. KMIP also defines messages that can be used to perform cryptographic operations on a server such as encrypt and decrypt.
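To make the "message formats" concrete, here is an added example (not HyTrust or Cryptsoft code) that builds and decodes a KMIP Get request in the protocol's binary TTLV (tag, type, length, value) encoding. The tag and type values are taken from the KMIP specification, the unique identifier is a constructed sample, and the decoder rejects any length field that overruns its enclosing buffer.

```python
# TTLV item = 3-byte tag, 1-byte type, 4-byte length, value padded to a multiple of 8.
# Type codes and tags below are a subset of the KMIP specification's tables.
STRUCT, INTEGER, ENUM, TEXT = 0x01, 0x02, 0x05, 0x07
TAGS = {0x420078: "RequestMessage", 0x420077: "RequestHeader",
        0x420069: "ProtocolVersion", 0x42006A: "ProtocolVersionMajor",
        0x42006B: "ProtocolVersionMinor", 0x42000D: "BatchCount", 0x42000F: "BatchItem",
        0x42005C: "Operation", 0x420079: "RequestPayload", 0x420094: "UniqueIdentifier"}
TAG_OF = {name: tag for tag, name in TAGS.items()}
OP_GET = 0x0A  # Operation enumeration value for Get

def enc(name, typ, value):
    if typ == STRUCT:
        body = b"".join(value)               # children are already encoded items
    elif typ == TEXT:
        body = value.encode("utf-8")
    else:
        body = value.to_bytes(4, "big")      # small non-negative Integer/Enumeration
    head = TAG_OF[name].to_bytes(3, "big") + bytes([typ]) + len(body).to_bytes(4, "big")
    return head + body + b"\x00" * (-len(body) % 8)

def get_request(uid, major=1, minor=2):      # uid: identifier of the managed object
    version = enc("ProtocolVersion", STRUCT, [enc("ProtocolVersionMajor", INTEGER, major),
                                              enc("ProtocolVersionMinor", INTEGER, minor)])
    header = enc("RequestHeader", STRUCT, [version, enc("BatchCount", INTEGER, 1)])
    payload = enc("RequestPayload", STRUCT, [enc("UniqueIdentifier", TEXT, uid)])
    item = enc("BatchItem", STRUCT, [enc("Operation", ENUM, OP_GET), payload])
    return enc("RequestMessage", STRUCT, [header, item])

def dec(buf):
    """Decode a run of items, rejecting lengths that overrun the enclosing buffer."""
    items, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise ValueError("truncated TTLV header")
        tag, typ = int.from_bytes(buf[pos:pos + 3], "big"), buf[pos + 3]
        length = int.from_bytes(buf[pos + 4:pos + 8], "big")
        nxt = pos + 8 + length + (-length % 8)
        if nxt > len(buf) or (typ in (INTEGER, ENUM) and length != 4):
            raise ValueError("TTLV length invalid for type or buffer")
        raw = buf[pos + 8:pos + 8 + length]
        if typ == STRUCT:
            val = dec(raw)                   # structures nest further TTLV items
        elif typ in (INTEGER, ENUM):
            val = int.from_bytes(raw, "big")
        else:
            val = raw.decode("utf-8") if typ == TEXT else raw
        items.append((TAGS.get(tag, hex(tag)), val))
        pos = nxt
    return items
```

Calling `dec(get_request("constructed-uid-0001"))` returns the nested structure of the request, with the Operation value 10 (Get) inside the batch item.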
The types of managed objects handled by KMIP include:
- Symmetric Keys
- Public and Private Keys
- Certificates and PGP Keys
- Split Keys
- Secret Data (passwords)
- Opaque Data for client and server defined extensions
This marks a shift for HyTrust KeyControl, which has to this point managed keys for our own Policy Agent, which provides encryption inside Windows and Linux virtual machines (disks, filesystems and objects). KeyControl can now create, store and deliver encryption keys for a wide array of encryption products, including encryption gateways, SAN switches, disk drives and tapes, as well as a number of home-grown encryption solutions. We support KMIP versions 1.0, 1.1, 1.2 and 1.3. HyTrust is also able to store the KeyControl master key in an external KMIP server.