KMIP with Gemalto and Vormetric

Extracting AES key from Gemalto Keysecure and Vormetric DSM. Python scripts

Gemalto Keysecure and Vormetric Data Security Manager are central key repositories, that allows integration using Key Management Interoperability Protocol (KMIP). Despite the certificate based authentication is mandatory, authentication is different in both solutions.


Certificates:





Where:
CA - KMIP certificate authority
client - Client certificate signed by CA
key - Client private key assigned


Authentication


KeySecure

client = client.ProxyKmipClient(
hostname='192.168.10.249',
port=5696,
ca='E:\KMIP\ca.pem',
key='E:\KMIP\key.pem',
cert='E:\KMIP\client.pem',
username='kmip',
password='secret123!'

)


Vormetric DSM:

client = client.ProxyKmipClient(
hostname='192.168.10.251',
port=5696,
ca='E:\KMIP\ca.pem',
key='E:\KMIP\key.pem',
cert='E:\KMIP\cert.crt',

)

KeySecure: If you will not provide username or password authentication will fail
Vormetric: If you will provide username with password authentication will fail

Test scripts here: Gemalto Keysecure Vormetric DSM