This document describes a client-server protocol for the secure initialization (and configuration) of cryptographic tokens. The protocol requires neither private-key capabilities in the cryptographic tokens nor an established public-key infrastructure. Successful execution of the protocol results in the generation of the same shared secret on both the server and the token.
New
- CT-KIP Version 1.0 Revision 1: HTML | TXT
  This revision was produced in response to feedback received during the publication of CT-KIP as an IETF RFC. Changes compared to CT-KIP Version 1.0 are limited to editorial corrections and clarifications. No new functionality has been introduced. This version has been published as IETF RFC 4758.
- 1- and 2-pass version of CT-KIP, Draft 4, October 2006: HTML | TXT
- XML Schema 4th DRAFT of 1- and 2-pass CT-KIP
Current Version
Related Documents
- PKCS #11 v2.20 Amendment 2: PKCS #11 Mechanisms for the Cryptographic Token Key Initialization Protocol: Adobe PDF
- XML schema for CT-KIP
- Header file for PKCS #11 v2.20 Amendment 2 (disclaimer)
Previous Versions
- CT-KIP: Cryptographic Token Key Initialization Protocol Version 1.0: Adobe PDF
Test Vectors
- To be written
DISCLAIMER
Regarding the header / include files:
License to copy and use this software is granted provided that it is identified as "RSA Security Inc. Cryptographic Token Key Initialization Protocol (CT-KIP)" in all material mentioning or referencing this software.
This software is provided "AS IS" and RSA Security, Inc. disclaims all warranties including but not limited to the implied warranty of merchantability, fitness for a particular purpose, and noninfringement.

