Command: K (Encrypt a key). Can be used in online, offline or secure state.
Function: To form
and encrypt a TMK, TPK or PVK under LMK 14-15. The TMK, TPK or PVK can be
entered as a number of components in the range 1 to 9 inclusive.
The HSM must be in the Authorised state.
To ensure that the clear key is not displayed on the screen, enter the “^”
character before entering the key component.
The entered components need not have odd parity, although the final TMK, TPK or
PVK has odd parity.
Inputs: The
number of key components to be entered: 1 to 9.
The clear key component. Each key component must contain 16 hexadecimal
characters.
Outputs: The TMK,
TPK or PVK encrypted under LMK 14-15: 16 hexadecimal characters.
The key check value, formed by encrypting a block of zeros with the TMK, TPK or
PVK, and returning the left-most 24 bits: 6 hexadecimal characters.
Errors: Command only allowed from authorised – the HSM is not in authorised state.
Invalid entry - the number of components is not in the range 1 to 9. Re-enter the correct number of components.
Data invalid; please re-enter: - the entered key component does not contain 16 hexadecimal characters. Re-enter the key component.
Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example:
Online-AUTH> K <Return>
Enter number of components (1-9): 2 <Return>
Enter component 1: XXXXXXXXXXXXXXXX <Return>
Enter component 2: XXXXXXXXXXXXXXXX <Return>
Encrypted key: YYYY YYYY YYYY YYYY
Key check value: ZZZZ ZZZZ ZZZZ ZZZZ