PGP Key Management Server introduces a new search languaage to search for KMS objects like symmetric keys, asymmetric keys, secure
data, consumers and other objects.
The seach language details are described in the attached document (please find it on the end of this article)
Quotation
When quoting the search filter with PGP Command Line there are some differences between running PGP Command Line on Windows and
running it on Linux operating systems.
On Windows the quoted string needs to be quoted using two double quotation marks ("") while the whole search filter needs to be a single
double quotation mark (").
Example for Windows:
"EQ(NAME,""MekSeries1"")"
Example for Linux / Unix:
'EQ(NAME,"MekSeries1")'
Search Filter Examples
Search for a MAK (Managed Asymmetric Key) by name, using a regular expression:
Windows:
pgp --usp-server keys.senderdomain.com --search-mak "RE(NAME,""mekseries.+application1"")"
Linux:
pgp --usp-server keys.senderdomain.com --search-mak 'RE(NAME,"mekseries.+application1")'
Search for a MAK by UUID:
Windows:
pgp --usp-server keys.senderdomain.com --search-mak "EQ(UUID,""f056de57-b569-4c0a-8960-18808f04af95"")"
Linux:
pgp --usp-server keys.senderdomain.com --search-mak 'EQ(UUID,"f056de57-b569-4c0a-8960-18808f04af95")'
Search for a MAK by PGP Key-ID:
Windows:
pgp --usp-server keys.senderdomain.com --search-mak "EQ(KEY_ID,0x5D2B4461)"
Linux:
pgp --usp-server keys.senderdomain.com --search-mak 'EQ(KEY_ID,0x5D2B4461)'
Search for all MAKs that match both of the custome attributes and values (version 3.2 or higher)
all MAK UUIDs will be returned which have the custom attribute "APPLICATION" set to "APP1" and the customer attribute "ENABLED" set to "TRUE"
Windows:
pgp --usp-server keys.senderdomain.com --search-mak "AND(EQ(""APPLICATION"",""APP1""),EQ(""ENABLED"",""TRUE""))"
Linux:
pgp --usp-server keys.senderdomain.com --search-mak 'AND(EQ("APPLICATION","APP1"),EQ("ENABLED","TRUE"))'
Search for a consumer by name (using regular expression):
Windows:
pgp --usp-server keys.senderdomain.com --search-consumer "RE(NAME,""test.*1"")"
Linux:
pgp --usp-server keys.senderdomain.com --search-consumer 'RE(NAME,"test.*1")'
Search for a MEK Series by UUID:
Windows:
pgp --usp-server keys.senderdomain.com --details --search-mek-series "EQ(UUID,""563fb515-1369-40d6-b23d-1fef0638eecb"")"
Linux:
pgp --usp-server keys.senderdomain.com --details --search-mek-series 'EQ(UUID,"563fb515-1369-40d6-b23d-1fef0638eecb")'
Search operation modifiers:
All search operations for PGP Command Line can be modified using three different flags:
--brief : This will only print the UUIDS of the results, one per line
--details : This will print additional details about each object in the result list
--xml : This will print all known details, in a parsable XML format for each object in the result list
Search operation output examples:
Searching for a MEK series using default output:
pgp --usp-server keys.senderdomain.com --search-mek-series 'EQ(NAME,"MekSeries1")'
output:
UUID Name No MEKs
------------------------------------ ---------- -------
563fb515-1369-40d6-b23d-1fef0638eecb MekSeries1 2
Searching for a MEK series using --brief output:
pgp --usp-server keys.senderdomain.com --search-mek-series 'EQ(NAME,"MekSeries1")' --brief
output:
563fb515-1369-40d6-b23d-1fef0638eecb
Searching for a MEK series using --details output:
pgp --usp-server keys.senderdomain.com --search-mek-series 'EQ(NAME,"MekSeries1")' --details
output:
MEK Series Details: MekSeries1
UUID: 563fb515-1369-40d6-b23d-1fef0638eecb
Number of MEKs in series: 2
Creation time: 2010-06-30
End of life: 2011-09-29
Validity (sec): 86400
Searching for a MEK series using --xml output:
pgp --usp-server keys.senderdomain.com --search-mek-series 'EQ(NAME,"MekSeries1")' --xml
output:
<?xml version="1.0"?>
<MEKSeriesList>
<MEKSeries>
<name>MekSeries1</name>
<UUID>563fb515-1369-40d6-b23d-1fef0638eecb</UUID>
<NumMEKs>2</NumMEKs>
<CreationTime>2010-06-30</CreationTime>
<EndOfLife>2011-09-29</EndOfLife>
<ValidityDuration>86400</ValidityDuration>
<attributes/>
</MEKSeries>
</MEKSeriesList>
Reference
The reference documentation for KMS search filters can be found in appendix D of the PGP Command Line User's Guide
The PGP Command Line User's Guide can be downloaded from Support Knowledgebase Article DOC3607