SecureBlackbox 2020 PHP Edition

Questions / Feedback?

KMIPClient Class

Properties   Methods   Events   Configuration Settings   Errors  

The KMIPClient class provides client-side functionality for KMIP.

Class Name


Procedural Interface

 secureblackbox_kmipclient_register_callback($res, $id, $function);
 secureblackbox_kmipclient_set($res, $id, $index, $value);
 secureblackbox_kmipclient_get($res, $id, $index);
 secureblackbox_kmipclient_do_addcertificate($res, $certpassword, $addprivatekey, $id);
 secureblackbox_kmipclient_do_addkey($res, $id);
 secureblackbox_kmipclient_do_addpinned($res, $addprivatekey, $id);
 secureblackbox_kmipclient_do_config($res, $configurationstring);
 secureblackbox_kmipclient_do_decrypt($res, $uniqueidentifier);
 secureblackbox_kmipclient_do_encrypt($res, $uniqueidentifier);
 secureblackbox_kmipclient_do_generatecert($res, $publickeyuniqueidentifier, $keyalgorithm, $hashalgorithm, $keylength, $subjectrdn, $id);
 secureblackbox_kmipclient_do_generatecertfrompinned($res, $publickeyuniqueidentifier, $id);
 secureblackbox_kmipclient_do_generatecertfromrequest($res, $id);
 secureblackbox_kmipclient_do_generatekey($res, $keyalgorithm, $keylength, $id);
 secureblackbox_kmipclient_do_getlist($res, $objecttypes);
 secureblackbox_kmipclient_do_remove($res, $uniqueidentifier);
 secureblackbox_kmipclient_do_sign($res, $uniqueidentifier);
 secureblackbox_kmipclient_do_verify($res, $uniqueidentifier);


The Key Management Interoperability Protocol (KMIP) is an OASIS standard for communication between different key management servers and clients.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

DataFileA path to the file containing the unsigned data.
EncoderTypeSpecifies the KMIP encoder type.
ExternalCryptoCustomParamsCustom parameters to be passed to the signing service (uninterpreted).
ExternalCryptoDataAdditional data to be included in the async state and mirrored back by the requestor.
ExternalCryptoExternalHashCalculationSpecifies whether the message hash is to be calculated at the external endpoint.
ExternalCryptoHashAlgorithmSpecifies the request's signature hash algorithm.
ExternalCryptoKeyIDThe ID of the pre-shared key used for DC request authentication.
ExternalCryptoKeySecretThe pre-shared key used for DC request authentication.
ExternalCryptoMethodSpecifies the asynchronous signing method.
ExternalCryptoModeSpecifies the external cryptography mode.
ExternalCryptoPublicKeyAlgorithmProvide public key algorithm here if the certificate is not available on the pre-signing stage.
HostSpecifies the host name of the KMIP server.
InputFilePath to the file containing data to be signed, verified, encrypted or decrypted.
ObjectCountThe number of records in the Object arrays.
ObjectIDContains the value currently stored in the ID Placeholder.
ObjectKeyAlgorithmThe cryptographic algorithm for this object.
ObjectKeyLengthThe length of the cryptographic key.
ObjectObjectTypeThe type of this object.
ObjectSigAlgorithmDigital signature algorithm for this object (only for certificates).
ObjectUniqueIdentifierThe unique identifier of the object generated by the key management system.
OutputFileSpecifies the file where the signed, encrypted, or decrypted data should be saved.
PasswordSpecifies a password to authenticate to the KMIP server.
PinnedCertBytesReturns raw certificate data in DER format.
PinnedCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
PinnedCertRequestBytesProvides access to raw certificate request data in DER format.
PinnedCertRequestHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
PortSpecifies the port on the KMIP server to connect to.
ProxyAddressThe IP address of the proxy server.
ProxyAuthenticationThe authentication type used by the proxy server.
ProxyPasswordThe password to authenticate to the proxy server.
ProxyPortThe port on the proxy server to connect to.
ProxyProxyTypeThe type of the proxy server.
ProxyRequestHeadersContains HTTP request headers for WebTunnel and HTTP proxy.
ProxyResponseBodyContains the HTTP or HTTPS (WebTunnel) proxy response body.
ProxyResponseHeadersContains response headers received from an HTTP or HTTPS (WebTunnel) proxy server.
ProxyUseIPv6Specifies whether IPv6 should be used when connecting through the proxy.
ProxyUseProxyEnables or disables proxy-driven connection.
ProxyUsernameSpecifies the username credential for proxy authentication.
SignatureValidationResultThe signature validation result.
SocketDNSModeSelects the DNS resolver to use: the class's (secure) built-in one, or the one provided by the system.
SocketDNSPortSpecifies the port number to be used for sending queries to the DNS server.
SocketDNSQueryTimeoutThe timeout (in milliseconds) for each DNS query.
SocketDNSServersThe addresses of DNS servers to use for address resolution, separated by commas or semicolons.
SocketDNSTotalTimeoutThe timeout (in milliseconds) for the whole resolution process.
SocketIncomingSpeedLimitThe maximum number of bytes to read from the socket, per second.
SocketLocalAddressThe local network interface to bind the socket to.
SocketLocalPortThe local port number to bind the socket to.
SocketOutgoingSpeedLimitThe maximum number of bytes to write to the socket, per second.
SocketTimeoutThe maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.
SocketUseIPv6Enables or disables IP protocol version 6.
TLSClientCertCountThe number of records in the TLSClientCert arrays.
TLSClientCertBytesReturns raw certificate data in DER format.
TLSClientCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
TLSServerCertCountThe number of records in the TLSServerCert arrays.
TLSServerCertBytesReturns raw certificate data in DER format.
TLSServerCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
TLSAutoValidateCertificatesSpecifies whether server-side TLS certificates should be validated automatically using internal validation rules.
TLSBaseConfigurationSelects the base configuration for the TLS settings.
TLSCiphersuitesA list of ciphersuites separated with commas or semicolons.
TLSECCurvesDefines the elliptic curves to enable.
TLSForceResumeIfDestinationChangesWhether to force TLS session resumption when the destination address changes.
TLSPreSharedIdentityDefines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.
TLSPreSharedKeyContains the pre-shared for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.
TLSPreSharedKeyCiphersuiteDefines the ciphersuite used for PSK (Pre-Shared Key) negotiation.
TLSRenegotiationAttackPreventionModeSelects renegotiation attack prevention mechanism.
TLSRevocationCheckSpecifies the kind(s) of revocation check to perform.
TLSSSLOptionsVarious SSL (TLS) protocol options, set of cssloExpectShutdownMessage 0x001 Wait for the close-notify message when shutting down the connection cssloOpenSSLDTLSWorkaround 0x002 (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions cssloDisableKexLengthAlignment 0x004 Do not align the client-side PMS by the RSA modulus size.
TLSTLSModeSpecifies the TLS mode to use.
TLSUseExtendedMasterSecretEnables Extended Master Secret Extension, as defined in RFC 7627.
TLSUseSessionResumptionEnables or disables TLS session resumption capability.
TLSVersionsTh SSL/TLS versions to enable by default.
UsernameThe username to authenticate to the KMIP server.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

AddCertificateImports a certificate to the KMIP server.
AddKeyImports a key to the KMIP server.
AddPinnedImports a certificate to the KMIP server.
ConfigSets or retrieves a configuration setting.
DecryptDecrypts the provided data using a key stored on the KMIP server.
EncryptEncrypts the provided data using a key stored on the KMIP server.
GenerateCertGenerates a new certificate on the KMIP server.
GenerateCertFromPinnedGenerates a new certificate on the KMIP server from the pinned certificate.
GenerateCertFromRequestGenerates a new certificate on the KMIP server from the certificate request.
GenerateKeyGenerates a symmetric key or an asymmetric key pair on the KMIP server.
GetListRetrieves the list of objects of a given type.
RemoveRemoves the specified object from the server.
SignSigns the data using a key on the KMIP server.
VerifyVerifies digitally signed data.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

ErrorProvides information about errors during KMIP operations.
ExternalSignHandles remote or external signing initiated by the SignExternal method or other source.
NotificationThis event notifies the application about an underlying control flow event.
TLSCertValidateThis event is fired upon receipt of the TLS server's certificate, allowing the user to control its acceptance.

Configuration Settings

The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.

BlockCipherModeBlock cipher mode to use for encrypting or decrypting.
BlockSizeBlock size of data for encrypting, decrypting or signing.
CurveName of the curve of the newly added elliptic cryptography (EC) key.
HashAlgorithmHash algorithm to use for signing or verifying.
IVCounterNonceInitialization vector, counter or nonce for encrypting or decrypting.
MajorProtocolVersionMajor protocol version of the KMIP server.
MaximumItemsThe maximum number of items to be returned on getting the object list.
MinorProtocolVersionMinor protocol version of the KMIP server.
OffsetItemsThe number of items to skip on getting the object list.
PaddingMethodPadding method to use for encrypting or decrypting.
RandomIVWhether to generate the initialization vector automatically.
TagLengthTag length to use for encrypting or decrypting.
TempPathPath for storing temporary files.
CheckKeyIntegrityBeforeUseEnables or disable private key integrity check before use.
CookieCachingSpecifies whether a cookie cache should be used for HTTP(S) transports.
CookiesGets or sets local cookies for the class (supported for HTTPClient, RESTClient and SOAPClient only).
DefDeriveKeyIterationsSpecifies the default key derivation algorithm iteration count.
EnableClientSideSSLFFDHEEnables or disables finite field DHE key exchange support in TLS clients.
GlobalCookiesGets or sets global cookies for all the HTTP transports.
HttpUserAgentSpecifies the user agent name to be used by all HTTP clients.
LogDestinationSpecifies the debug log destination.
LogDetailsSpecifies the debug log details to dump.
LogFileSpecifies the debug log filename.
LogFiltersSpecifies the debug log filters.
LogFlushModeSpecifies the log flush mode.
LogLevelSpecifies the debug log level.
LogMaxEventCountSpecifies the maximum number of events to cache before further action is taken.
LogRotationModeSpecifies the log rotation mode.
MaxASN1BufferLengthSpecifies the maximal allowed length for ASN.1 primitive tag data.
MaxASN1TreeDepthSpecifies the maximal depth for processed ASN.1 trees.
OCSPHashAlgorithmSpecifies the hash algorithm to be used to identify certificates in OCSP requests.
UseOwnDNSResolverSpecifies whether the client classes should use own DNS resolver.
UseSharedSystemStoragesSpecifies whether the validation engine should use a global per-process copy of the system certificate stores.
UseSystemOAEPAndPSSEnforces or disables the use of system-driven RSA OAEP and PSS computations.
UseSystemRandomEnables or disables the use of the OS PRNG.

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox 2020 PHP Edition - Version 20.0 [Build 8165]