What's the CMK?

Question

Post reply

What's the CMK?

Steve Jones - SSC Editor

SSC Guru

Points: 734542
More actions
June 25, 2019 at 12:00 am

#3652129

Comments posted to this topic are about the item What's the CMK?

Viewing 9 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic. Login to reply

Stewart "Arturius" Campbell SSC Guru Points: 72503 More actions · Answer 1

Really interesting, thanks Steve

Learned something today

____________________________________________
Space, the final frontier? not any more...
All limits henceforth are self-imposed.
“libera tute vulgaris ex”

timwell SSCertifiable Points: 5315 More actions · Answer 2

I guessed wrong based on this sentence in the documentation:

A column master key should be an asymmetric key (a public/private key pair), using the RSA algorithm.

I didn't find anything in the referenced document about symmetric or asymmetric...

Scott Coleman One Orange Chip Points: 27452 More actions · Answer 3

So if you are using an asymmetric key from a Hardware Security Module as the CMK, it somehow can be called a certificate?

I don't agree with this answer.

Steve Jones - SSC Editor SSC Guru Points: 734542 More actions · Answer 4

Steve Jones - SSC Editor

SSC Guru

Points: 734542

June 27, 2019 at 2:38 pm

#3658141

A certificate is an asymmetric key.

Scott Coleman One Orange Chip Points: 27452 More actions · Answer 5

OK, a certificate is an asymmetric key. But does that make all asymmetric keys certificates?

I still do not agree with the answer that the CMK can only be a certificate.

Steve Jones - SSC Editor SSC Guru Points: 734542 More actions · Answer 6

Not all asymmetric keys are certificates, but from what I've seen with HSMs, they use certificates, precisely because of the metadata of the expiration date. If that's documented elsewhere differently, that's fine, but all the AE docs reference certificates.

sipas Hall of Fame Points: 3828 More actions · Answer 7

timwell wrote:

I guessed wrong based on this sentence in the documentation:
A column master key should be an asymmetric key (a public/private key pair), using the RSA algorithm.
I didn't find anything in the referenced document about symmetric or asymmetric...

Same here - why is 'An RSA asymmetric key' the wrong answer?

Steve Jones - SSC Editor SSC Guru Points: 734542 More actions · Answer 8

RSA was a poor choice, and actually might be correct. The documentation isn't clear here, but developers can write their own implementation of a key store, which could be an RSA key. As of this time, that's not an option that I know of, but I could be wrong.

I've edited the question to remove the RSA key.