KMS Search Filters and Examples

Created: 08 Apr 2011 • Updated: 08 Apr 2011
Andreas Zengel

PGP Key Management Server introduces a new search language for finding KMS objects such as symmetric keys, asymmetric keys, secure
data, consumers and other objects.

The search language details are described in the attached document (please find it at the end of this article).

Quotation

When quoting the search filter with PGP Command Line there are some differences between running PGP Command Line on Windows and
running it on Linux operating systems.

On Windows, each quoted string inside the filter needs to be quoted using two double quotation marks (""), while the whole search filter needs to be
enclosed in single double quotation marks (").

Example for Windows:

 "EQ(NAME,""MekSeries1"")"

Example for Linux / Unix:

 'EQ(NAME,"MekSeries1")'

Search Filter Examples

Search for a MAK (Managed Asymmetric Key) by name, using a regular expression:

 Windows:
pgp --usp-server keys.senderdomain.com --search-mak "RE(NAME,""mekseries.+application1"")"
Linux:
pgp --usp-server keys.senderdomain.com --search-mak 'RE(NAME,"mekseries.+application1")'

Search for a MAK by UUID:

 Windows:
pgp --usp-server keys.senderdomain.com --search-mak "EQ(UUID,""f056de57-b569-4c0a-8960-18808f04af95"")"
Linux:
pgp --usp-server keys.senderdomain.com --search-mak 'EQ(UUID,"f056de57-b569-4c0a-8960-18808f04af95")'

Search for a MAK by PGP Key-ID:

 Windows:
pgp --usp-server keys.senderdomain.com --search-mak "EQ(KEY_ID,0x5D2B4461)"
Linux:
pgp --usp-server keys.senderdomain.com --search-mak 'EQ(KEY_ID,0x5D2B4461)'

Search for all MAKs that match both custom attributes and values (version 3.2 or higher).
This returns the UUIDs of all MAKs that have the custom attribute "APPLICATION" set to "APP1" and the custom attribute "ENABLED" set to "TRUE":

Windows:
pgp --usp-server keys.senderdomain.com --search-mak "AND(EQ(""APPLICATION"",""APP1""),EQ(""ENABLED"",""TRUE""))"
Linux:
pgp --usp-server keys.senderdomain.com --search-mak 'AND(EQ("APPLICATION","APP1"),EQ("ENABLED","TRUE"))'

Search for a consumer by name (using regular expression):

 Windows:
pgp --usp-server keys.senderdomain.com --search-consumer "RE(NAME,""test.*1"")"
Linux:
pgp --usp-server keys.senderdomain.com --search-consumer 'RE(NAME,"test.*1")'

Search for a MEK Series by UUID:

 Windows:
pgp --usp-server keys.senderdomain.com --details --search-mek-series "EQ(UUID,""563fb515-1369-40d6-b23d-1fef0638eecb"")"
Linux:
pgp --usp-server keys.senderdomain.com --details --search-mek-series 'EQ(UUID,"563fb515-1369-40d6-b23d-1fef0638eecb")'

Search operation modifiers:

All search operations for PGP Command Line can be modified using three different flags:
--brief : This will only print the UUIDs of the results, one per line
--details : This will print additional details about each object in the result list
--xml : This will print all known details, in a parsable XML format for each object in the result list

Search operation output examples:

Searching for a MEK series using default output:

 pgp --usp-server keys.senderdomain.com --search-mek-series 'EQ(NAME,"MekSeries1")'
output:
UUID                                    Name          No MEKs
------------------------------------    ----------    -------
563fb515-1369-40d6-b23d-1fef0638eecb    MekSeries1    2 

Searching for a MEK series using --brief output:

 pgp --usp-server keys.senderdomain.com --search-mek-series 'EQ(NAME,"MekSeries1")' --brief
output:
563fb515-1369-40d6-b23d-1fef0638eecb 

Searching for a MEK series using --details output:

 pgp --usp-server keys.senderdomain.com --search-mek-series 'EQ(NAME,"MekSeries1")' --details
output:
MEK Series Details: MekSeries1
       UUID: 563fb515-1369-40d6-b23d-1fef0638eecb
       Number of MEKs in series: 2
  Creation time: 2010-06-30
    End of life: 2011-09-29
 Validity (sec): 86400 

Searching for a MEK series using --xml output:

 pgp --usp-server keys.senderdomain.com --search-mek-series 'EQ(NAME,"MekSeries1")' --xml
output:
<?xml version="1.0"?>
<MEKSeriesList>
  <MEKSeries>
    <name>MekSeries1</name>
    <UUID>563fb515-1369-40d6-b23d-1fef0638eecb</UUID>
    <NumMEKs>2</NumMEKs>
    <CreationTime>2010-06-30</CreationTime>
    <EndOfLife>2011-09-29</EndOfLife>
    <ValidityDuration>86400</ValidityDuration>
    <attributes/>
  </MEKSeries>
</MEKSeriesList> 
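
Because the --xml output is parsable, it can feed a key-lifecycle check. The following is an added example, not part of the original article or of PGP Command Line: it parses a MEKSeriesList like the one above and reports series that are close to or past their EndOfLife date. The function names, the 90-day warning window and the second series in the sample are assumptions made for illustration, and the date format is assumed to be YYYY-MM-DD as in the output shown.

```python
import xml.etree.ElementTree as ET
from datetime import date

# Constructed sample: the first series is the --xml output shown above; the
# second series (name, UUID, dates) is invented for illustration.
SAMPLE_XML = """<?xml version="1.0"?>
<MEKSeriesList>
  <MEKSeries>
    <name>MekSeries1</name>
    <UUID>563fb515-1369-40d6-b23d-1fef0638eecb</UUID>
    <NumMEKs>2</NumMEKs>
    <CreationTime>2010-06-30</CreationTime>
    <EndOfLife>2011-09-29</EndOfLife>
    <ValidityDuration>86400</ValidityDuration>
    <attributes/>
  </MEKSeries>
  <MEKSeries>
    <name>ExampleSeries2</name>
    <UUID>00000000-0000-0000-0000-000000000002</UUID>
    <NumMEKs>1</NumMEKs>
    <CreationTime>2011-06-30</CreationTime>
    <EndOfLife>2012-06-30</EndOfLife>
    <ValidityDuration>86400</ValidityDuration>
    <attributes/>
  </MEKSeries>
</MEKSeriesList>
"""

def _required(node, tag):
    # Fail loudly on a missing or empty field instead of silently skipping a series.
    text = node.findtext(tag)
    if not text:
        raise ValueError(f"MEKSeries element is missing <{tag}>")
    return text.strip()

def parse_mek_series(xml_text):
    """Return one dict per <MEKSeries>; dates are assumed to be YYYY-MM-DD."""
    return [{
        "name": _required(n, "name"),
        "uuid": _required(n, "UUID"),
        "num_meks": int(_required(n, "NumMEKs")),
        "end_of_life": date.fromisoformat(_required(n, "EndOfLife")),
    } for n in ET.fromstring(xml_text.strip()).iter("MEKSeries")]

def expiring(series, today, warn_days=90):
    """Return (days_left, name, uuid), soonest first, for series ending within warn_days."""
    hits = [((s["end_of_life"] - today).days, s["name"], s["uuid"]) for s in series]
    return sorted(h for h in hits if h[0] <= warn_days)
```

A negative days_left value means the series is already past its end of life.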

Reference

The reference documentation for KMS search filters can be found in Appendix D of the PGP Command Line User's Guide.
The PGP Command Line User's Guide can be downloaded from Support Knowledgebase Article DOC3607.