Understanding KMIP Compatibility

ThinkAgile CP is compatible with key servers from two vendors for KMIP support. Gemalto SafeNet KeySecure and the Vormetric DSM key server are third-party, centralized key management platforms for clients who are required to use a KMIP infrastructure and FIPS 140-2 certification. Both vendors provide their solutions as hardware and virtual software appliances.

  • At the time of writing, the solutions support KMIP 1.1 and 1.2.
  • Gemalto SafeNet KeySecure supports 128-bit encryption, whereas Vormetric supports 128-bit or 256-bit encryption.
  • Both solutions support an HSM for storing the master key.
  • Both appliances can deliver FIPS 140-2 Level 2 and Level 3 certification.

The following table summarizes the features for the two vendors.

| Feature | Vormetric (DSM 6.0) | SafeNet KeySecure (8.1) |
|---|---|---|
| KMIP version support | 1.0, 1.1, 1.2 | 1.0, 1.1 |
| KMIP client action logging | No | Yes |
| Security isolation at host granularity | Upcoming, Version 6.1 | Yes |
| Admin can delete secret data | No | Yes |
| Browse secret data by name attribute | No | Yes |
| Client cert upload required | client certificate | client CA |
| Self signed certificate support | Yes | Yes |
| KMIP Register Secret Data | Yes | Yes |
| KMIP Locate Secret Data | Yes | Yes |
| KMIP Destroy Secret Data | Yes | Yes |
| FIPS compliant | Yes | Yes |
| SSL 3.0 / TLS 1.0, 1.1, 1.2 | Yes | Yes |
| FIPS compliant ciphers | Yes | Yes |
| HA/cluster | Yes | Yes |
| Secure Secret Data by IP | No | Yes |
| Two-way SSL/TLS authentication | Yes | Yes |