View mode Auto Dark Light

KMIP algorithm policy (server-side)

The cosmian_kms_server crate can enforce a KMIP algorithm policy at request entry points (and on retrieved keys).

The policy selector is kmip.policy_id.

Accepted values (case-insensitive):

• DEFAULT: enforce the built-in conservative allowlists.
• CUSTOM: enforce the allowlists you provide under [kmip.allowlists] (use with caution).

Enabling the default policy

If kmip.policy_id is unset, the KMIP policy layer is disabled.

To explicitly select the built-in default policy, set kmip.policy_id = "DEFAULT" in kms.toml (or pass it on the command line):

[kmip]
policy_id = "DEFAULT"

CLI:

cosmian_kms --kmip-policy-id DEFAULT

Policies to use with caution

• CUSTOM: lets you override allowlists under [kmip.allowlists]. Misconfiguration can unintentionally allow weak choices or, conversely, deny most operations (e.g., if you set an empty list []).

What the DEFAULT policy enforces

The DEFAULT policy is a conservative (ANSSI/NIST/FIPS-aligned) allowlist. It constrains KMIP requests by validating their declared cryptographic parameters and, when applicable, the characteristics of the referenced keys.

In particular, it allowlists:

• Cryptographic algorithms (all builds): AES, RSA, ECDSA, ECDH, EC, HMACSHA256, HMACSHA384, HMACSHA512
• Cryptographic algorithms (non-FIPS builds only): ChaCha20Poly1305, Ed25519, SHAKE128, SHAKE256, ConfigurableKEM
• Hash functions: SHA256, SHA384, SHA512, SHA3256, SHA3384, SHA3512
• Signature algorithms: SHA256WithRSAEncryption, SHA384WithRSAEncryption, SHA512WithRSAEncryption, RSASSAPSS, ECDSAWithSHA256, ECDSAWithSHA384, ECDSAWithSHA512
• Curves: P256, P384, P521, CURVE25519, CURVE448
• Block cipher modes: GCM, CCM, XTS, NISTKeyWrap, AESKeyWrapPadding, GCMSIV
• Padding methods: OAEP, PSS, PKCS5
• MGF hashes: SHA256, SHA384, SHA512
• Mask generators: MGF1

It also enforces key-size constraints:

• RSA key sizes: 3072, 4096 (in addition to baseline structural constraints)
• AES key sizes: 128, 192, 256

Scheme-to-policy mapping

This table links the Algorithms to the minimal kms.toml allowlist values needed to keep each scheme reachable when kmip.policy_id = "DEFAULT".

Documentation scheme name	KMIP operation(s)	KMIP CryptographicAlgorithm	Minimal kms.toml allowlist values
AES-KWP (RFC 5649)	Import / Export (wrap/unwrap)	AES	algorithms=["AES"] block_cipher_modes=["AESKeyWrapPadding"] aes_key_sizes=[256] (or [128,192,256])
NIST KW (RFC 3394)	Import / Export (wrap/unwrap)	AES	algorithms=["AES"] block_cipher_modes=["NISTKeyWrap"] aes_key_sizes=[256] (or [128,192,256])
CKM_RSA_PKCS_OAEP	Encrypt / Decrypt (and RSA-wrap paths using OAEP)	RSA	algorithms=["RSA"] padding_methods=["OAEP"] hashes=["SHA256","SHA384","SHA512"] mask_generators=["MGF1"] mgf_hashes=["SHA256","SHA384","SHA512"] rsa_key_sizes=[2048,3072,4096]
CKM_RSA_AES_KEY_WRAP	Import / Export (wrap/unwrap)	RSA	algorithms=["RSA"] padding_methods=["None"] hashes=["SHA256","SHA384","SHA512"] rsa_key_sizes=[2048,3072,4096]
CKM_RSA_PKCS (PKCS#1 v1.5)	Encrypt / Decrypt	RSA	algorithms=["RSA"] padding_methods=["PKCS1v15"] rsa_key_sizes=[2048,3072,4096]
ECIES (NIST curves)	Encrypt / Decrypt	(key-type driven)	curves=["P256","P384","P521"] (and if restricting key creation/import: algorithms=["EC","ECDH","ECDSA"])
Salsa Sealed Box	Encrypt / Decrypt	(key-type driven)	curves=["CURVE25519","CURVEED25519"] (and if restricting key creation/import: algorithms=["EC","ECDH","ECDSA","Ed25519"])
AES GCM	Encrypt / Decrypt	AES	algorithms=["AES"] block_cipher_modes=["GCM"] aes_key_sizes=[256] (or [128,192,256])
AES XTS	Encrypt / Decrypt	AES	algorithms=["AES"] block_cipher_modes=["XTS"] aes_key_sizes=[512] (or [256,512] depending on client encoding)
AES GCM-SIV	Encrypt / Decrypt	AES	algorithms=["AES"] block_cipher_modes=["GCMSIV"] aes_key_sizes=[256] (or [128,192,256])
ChaCha20-Poly1305	Encrypt / Decrypt	ChaCha20Poly1305	algorithms=["ChaCha20Poly1305"]
RSASSA-PSS	Sign / SignatureVerify	RSA	algorithms=["RSA"] signature_algorithms=["RSASSAPSS"] hashes=["SHA256","SHA384","SHA512"] mask_generators=["MGF1"] mgf_hashes=["SHA256","SHA384","SHA512"] rsa_key_sizes=[2048,3072,4096]
ECDSA (with SHA-2)	Sign / SignatureVerify	ECDSA	algorithms=["ECDSA","EC"] signature_algorithms=["ECDSAWithSHA256","ECDSAWithSHA384","ECDSAWithSHA512"] curves=["P256","P384","P521"]
EdDSA	Sign / SignatureVerify	Ed25519 / Ed448	algorithms=["Ed25519","Ed448"] curves=["CURVEED25519","CURVEED448"]