PeterHamilton
commented
5 years ago Yep, that's expected (see our FAQ). We leverage pyca/cryptography (which underneath uses OpenSSL) for all of our cryptographic operations. If pyca/cryptography doesn't support it, neither does the PyKMIP server.
Right now we only support the following symmetric key algorithms:
- TripleDES
- AES
- Blowfish
- Camellia
- CAST5
- IDEA
- RC4
You can see all of the algorithms in the cryptography engine.
Now that I'm looking, it looks like pyca/cryptography added support for SEED and ChaCha20 recently. I should add those in at some point...
This is what I get when I try to create a symmetric 256 bit TWOFISH key.
kmip.pie.exceptions.KmipOperationFailure: OPERATION_FAILED: INVALID_FIELD - The cryptographic algorithm CryptographicAlgorithm.TWOFISH is not a supported symmetric key algorithm.
I don't know if anyone cares (due to it being insecure), but DES also produces the same result. TRIPLE_DES does work, in addition to AES, BLOWFISH, CAMELLIA, and IDEA. Too bad Serpent is not in the spec.