KEYMAN Security key and certificate management
Syntax Development Group (SDG)
KEYMAN is a message providing for security key and certificate management. A key may be a secret key used with symmetric algorithms, or a public or private key used with asymmetric algorithms.
Header
- 0010Message headerMandatoryMax 1
To head, identify and specify a message.
1. Data element S009/0057 is retained for upward compatibility. The use ofS016 and/or S017 is encouraged in preference.2. The combination of the values carried in data elements 0062 and S009 shallbe used to identify uniquely the message within its group (if used) or ifnot used, within its interchange, for the purpose of acknowledgement. - Segment group 1Repeat 999
- 0030Security message relationMandatoryMax 1
To specify the relation to earlier security messages, such as response to a particular request, or request for a particular answer.
- 0040Security referencesConditionalMax 1
To refer to the secured EDIFACT structure and its associated date and time.
1. D5(050, 040) If first, then all2. D1(070, 090) One and only one3. D5(060, 040) If first, then all4. D5(080, 070) If first, then all - Segment group 2Repeat 9
- 0060Key management functionMandatoryMax 1
To specify the type of key management function and the status of a corresponding key or certificate.
- 0070Security algorithmConditionalMax 1
To identify a security algorithm, the technical usage made of it, and to contain the technical parameters required.
1. S503, provides space for one parameter. The number of repetitions of S503actually used will depend on the algorithm used. The order of theparameters is arbitrary but, in each case, the actual value is preceded bya coded algorithm parameter qualifier. - Segment group 3Repeat 1
- 0090CertificateMandatoryMax 1
To convey the public key and the credentials of its owner.
- 0100Security algorithmConditionalMax 3
To identify a security algorithm, the technical usage made of it, and to contain the technical parameters required.
1. S503, provides space for one parameter. The number of repetitions of S503actually used will depend on the algorithm used. The order of theparameters is arbitrary but, in each case, the actual value is preceded bya coded algorithm parameter qualifier. - 0110Security resultConditionalMax 1
To contain the result of the security mechanisms.
1. S508, two occurrences shall be used in the case of signature algorithmsrequiring two parameters to express the result.In the case of an RSA signature, only one occurrence of S508 shall beused.In the case of a DSA signature two occurrences of S508 shall be used.
- 0090CertificateMandatoryMax 1
- 0060Key management functionMandatoryMax 1
- 0030Security message relationMandatoryMax 1
- Segment group 4Repeat 99
- 0130Security list statusMandatoryMax 1
To specify the status of security objects, such as keys or certificates to be delivered in a list, and the corresponding list parameters.
- Segment group 5Repeat 9999
- 0150CertificateMandatoryMax 1
To convey the public key and the credentials of its owner.
- 0160Security algorithmConditionalMax 3
To identify a security algorithm, the technical usage made of it, and to contain the technical parameters required.
1. S503, provides space for one parameter. The number of repetitions of S503actually used will depend on the algorithm used. The order of theparameters is arbitrary but, in each case, the actual value is preceded bya coded algorithm parameter qualifier. - 0170Security resultConditionalMax 1
To contain the result of the security mechanisms.
1. S508, two occurrences shall be used in the case of signature algorithmsrequiring two parameters to express the result.In the case of an RSA signature, only one occurrence of S508 shall beused.In the case of a DSA signature two occurrences of S508 shall be used.
- 0150CertificateMandatoryMax 1
- 0130Security list statusMandatoryMax 1
- 0180Message trailerMandatoryMax 1
To end and check the completeness of a message.
1. 0062, the value shall be identical to the value in 0062 in thecorresponding UNH segment.