KEYMAN Security key and certificate management

Syntax Development Group (SDG)

KEYMAN is a message providing for security key and certificate management. A key may be a secret key used with symmetric algorithms, or a public or private key used with asymmetric algorithms.

Header

1. 0010 · UNH · Message header · Max 1 · Mandatory

   To head, identify and specify a message.

2. Segment group 1 Repeat 999

   1. 0030 · USE · Security message relation · Max 1 · Mandatory

      To specify the relation to earlier security messages, such as response to a particular request, or request for a particular answer.

   2. 0040 · USX · Security references · Max 1 · Conditional

      To refer to the secured EDIFACT structure and its associated date and time.

   3. Segment group 2 Repeat 9

      1. 0060 · USF · Key management function · Max 1 · Mandatory

         To specify the type of key management function and the status of a corresponding key or certificate.

      2. 0070 · USA · Security algorithm · Max 1 · Conditional

         To identify a security algorithm, the technical usage made of it, and to contain the technical parameters required.

         1. S503, provides space for one parameter. The number of repetitions of S503
         actually used will depend on the algorithm used. The order of the
         parameters is arbitrary but, in each case, the actual value is preceded by
         a coded algorithm parameter qualifier.

      3. Segment group 3 Repeat 1

         1. 0090 · USC · Certificate · Max 1 · Mandatory

            To convey the public key and the credentials of its owner.

         2. 0100 · USA · Security algorithm · Max 3 · Conditional

            To identify a security algorithm, the technical usage made of it, and to contain the technical parameters required.

            1. S503, provides space for one parameter. The number of repetitions of S503
            actually used will depend on the algorithm used. The order of the
            parameters is arbitrary but, in each case, the actual value is preceded by
            a coded algorithm parameter qualifier.

         3. 0110 · USR · Security result · Max 1 · Conditional

            To contain the result of the security mechanisms.

3. Segment group 4 Repeat 99

   1. 0130 · USL · Security list status · Max 1 · Mandatory

      To specify the status of security objects, such as keys or certificates to be delivered in a list, and the corresponding list parameters.

   2. Segment group 5 Repeat 9999

      1. 0150 · USC · Certificate · Max 1 · Mandatory

         To convey the public key and the credentials of its owner.

      2. 0160 · USA · Security algorithm · Max 3 · Conditional

         To identify a security algorithm, the technical usage made of it, and to contain the technical parameters required.

         1. S503, provides space for one parameter. The number of repetitions of S503
         actually used will depend on the algorithm used. The order of the
         parameters is arbitrary but, in each case, the actual value is preceded by
         a coded algorithm parameter qualifier.

      3. 0170 · USR · Security result · Max 1 · Conditional

         To contain the result of the security mechanisms.

4. 0180 · UNT · Message trailer · Max 1 · Mandatory

   To end and check the completeness of a message.