KMIP Component leaves keys in a pre-active state

Description

The KMIP component leaves keys in a pre-active state:

('59', [
  Attribute(attribute_name=AttributeName(value='Unique Identifier'), attribute_index=None, attribute_value=UniqueIdentifier(value='59')),
  Attribute(attribute_name=AttributeName(value='Name'), attribute_index=AttributeIndex(value=0), attribute_value=Name(type=NameType(value=<NameType.UNINTERPRETED_TEXT_STRING: 1>),value=NameValue(value='INNODBKey-dd2be73e-393a-11ef-be72-080027466d1a-1'))),
  Attribute(attribute_name=AttributeName(value='Object Type'), attribute_index=None, attribute_value=Enumeration(enum=ObjectType, value=ObjectType.SYMMETRIC_KEY, tag=Tags.ATTRIBUTE_VALUE)),
  Attribute(attribute_name=AttributeName(value='Cryptographic Algorithm'), attribute_index=None, attribute_value=Enumeration(enum=CryptographicAlgorithm, value=CryptographicAlgorithm.AES, tag=Tags.ATTRIBUTE_VALUE)),
  Attribute(attribute_name=AttributeName(value='Cryptographic Length'), attribute_index=None, attribute_value=CryptographicLength(value=256)),
  Attribute(attribute_name=AttributeName(value='Operation Policy Name'), attribute_index=None, attribute_value=OperationPolicyName(value='default')),
  Attribute(attribute_name=AttributeName(value='Cryptographic Usage Mask'), attribute_index=None, attribute_value=CryptographicUsageMask(value=12)),
  *** Attribute(attribute_name=AttributeName(value='State'), attribute_index=None, attribute_value=Enumeration(enum=State, value=State.PRE_ACTIVE, tag=Tags.ATTRIBUTE_VALUE)), ***
  Attribute(attribute_name=AttributeName(value='Initial Date'), attribute_index=None, attribute_value=DateTime(value=1720011124, tag=Tags.ATTRIBUTE_VALUE)),
  Attribute(attribute_name=AttributeName(value='Object Group'), attribute_index=AttributeIndex(value=0), attribute_value=TextString(value=''))
])

The KMIP specification defines the State attribute as follows:

This attribute is an indication of the State of an object as known to the key management server. The State SHALL NOT be changed by using the Modify Attribute operation on this attribute. The State SHALL only be changed by the server as a part of other operations or other server processes. An object SHALL be in one of the following states at any given time. (Note: These states correspond to those described in [SP800-57-1]).

  • Pre-Active: The object exists and SHALL NOT be used for any cryptographic purpose.

  • Active: The object SHALL be transitioned to the Active state prior to being used for any cryptographic purpose. The object SHALL only be used for all cryptographic purposes that are allowed by its Cryptographic Usage Mask attribute. If a Process Start Date (see 3.25) attribute is set, then the object SHALL NOT be used for cryptographic purposes prior to the Process Start Date. If a Protect Stop Date (see 3.26) attribute is set, then the object SHALL NOT be used for cryptographic purposes after the Process Stop Date.

https://docs.oasis-open.org/kmip/spec/v1.4/kmip-spec-v1.4.html#:~:text=%C2%B7%C2%A0%C2%A0%C2%A0%C2%A0%C2%A0%C2%A0%C2%A0%C2%A0%20Pre%2DActive%3A%20The%20object%20exists%20and%20SHALL%20NOT%20be%20used%20for%20any%20cryptographic%20purpose.

 

This is probably more related to https://github.com/Percona-Lab/libkmip/ than MySQL and will be related to all clients using that lib.
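
An added example (not from the original report or from libkmip): a small Python check that parses attribute dumps in the format shown above and applies the quoted rule that only Active objects may be used, and only for operations their Cryptographic Usage Mask permits. The sample dump is constructed (ID 60 is made up), the function names are hypothetical, and the Process Start Date / Protect Stop Date conditions are not modelled.

```python
import re

# Cryptographic Usage Mask bits as defined by the KMIP specification.
USAGE_BITS = {"Sign": 0x01, "Verify": 0x02, "Encrypt": 0x04, "Decrypt": 0x08,
              "Wrap Key": 0x10, "Unwrap Key": 0x20}

# Constructed sample: two dump lines in the format shown in the report, trimmed
# to the attributes this check needs. ID 59 mirrors the report; ID 60 is made up.
SAMPLE_DUMP = """\
('59', [Attribute(attribute_name=AttributeName(value='Cryptographic Usage Mask'), attribute_index=None, attribute_value=CryptographicUsageMask(value=12)), Attribute(attribute_name=AttributeName(value='State'), attribute_index=None, attribute_value=Enumeration(enum=State, value=State.PRE_ACTIVE, tag=Tags.ATTRIBUTE_VALUE))])
('60', [Attribute(attribute_name=AttributeName(value='Cryptographic Usage Mask'), attribute_index=None, attribute_value=CryptographicUsageMask(value=12)), Attribute(attribute_name=AttributeName(value='State'), attribute_index=None, attribute_value=Enumeration(enum=State, value=State.ACTIVE, tag=Tags.ATTRIBUTE_VALUE))])
"""

_UID = re.compile(r"^\('([^']+)',")
_MASK = re.compile(r"CryptographicUsageMask\(value=(\d+)\)")
_STATE = re.compile(r"value=State\.([A-Z_]+)")

def parse_dump(text):
    """Return {uid: {"state": str or None, "mask": int}} per dumped object."""
    keys = {}
    for line in text.splitlines():
        uid = _UID.match(line.strip())
        if not uid:
            continue  # not the start of an object dump
        state = _STATE.search(line)
        mask = _MASK.search(line)
        keys[uid.group(1)] = {"state": state.group(1) if state else None,
                              "mask": int(mask.group(1)) if mask else 0}
    return keys

def may_use(key, operation):
    """Only Active objects may be used, and only for operations in the mask.
    States other than Pre-Active/Active are outside the quoted text and are
    treated as not usable here (an assumption of this example)."""
    if key["state"] != "ACTIVE":
        return False
    return bool(key["mask"] & USAGE_BITS[operation])

def audit(text):
    """Return uids of keys left Pre-Active even though their mask grants usage."""
    return sorted(uid for uid, k in parse_dump(text).items()
                  if k["state"] == "PRE_ACTIVE" and k["mask"])

if __name__ == "__main__":
    for uid in audit(SAMPLE_DUMP):
        print(f"key {uid}: Pre-Active, must be activated before any cryptographic use")
```

A usage mask of 12 is Encrypt (4) plus Decrypt (8), so key 59 is provisioned for encryption but sits in a state in which the specification forbids using it.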

Environment

None

AFFECTED CS IDs

CS0047039

Created July 3, 2024 at 1:01 PM
Updated February 20, 2025 at 8:58 AM
Resolved September 16, 2024 at 11:04 AM