Command: KE (Key Export). Can be used in online, offline or secure state.
Function: To
translate a key from encryption under the LMK to encryption under a ZMK.
Refer to Key Type Table for Key types and restrictions on Export. The HSM must
be in the Authorised state for some key types.
Inputs: ZMK
encrypted under LMK pair 04-05: 16 Hex or 32 Hex or 1 Alpha + 32 Hex or 1 Alpha
+ 48 Hex.
Key type: See Key Type Table
Key Scheme (ZMK): Key scheme
for encrypting key under ZMK; see Key
Scheme Table
(Defaults: Key length 1, Key Scheme 0, Key Length 2, Key Scheme U, Key Length 3, Key Scheme T)
Key encrypted under the appropriate LMK:
16 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex
The ZMK variant: 1 or 2 digit, value 0-99 (or <Enter> to ignore). Used
only when interworking with Atalla systems. Refer to the CS command. Note that
this input is not requested when the ZMK variant support is set to off.
Outputs: Key
encrypted under the ZMK: 16 hex, 1 alpha + 32 hex or 1 alpha + 48 hex
The key check value: formed by encrypting 64 binary zeros with the key and
returning the left-most 24 bits: 6 hexadecimal characters.
Errors: Must be in authorised state – the key type provided requires the HSM to be in authorised state. See Key Type Table.
Data invalid; please re-enter: - the encrypted ZMK or key does not contain 16 or 32 hex or 1 alpha + 32 hex or 1 alpha + 48 hex. Re-enter the correct number of hexadecimal characters.
Key parity error; re-enter key: - the ZMK or key does not have odd parity on each byte. Re-enter the key and check for typographic errors.
Invalid key scheme - the key scheme is invalid. See Key Scheme Table.
Invalid key type; re-enter: - the key type is invalid. See Key Type Table.
Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example:
Online-AUTH> KE <Return>
Enter Key type: 002 <Return>
Enter Key Scheme (ZMK): X <Return>
Enter ZMK: T XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
<Return>
(Enter ZMK variant: X <Return>, if enabled by CS command)
Enter key: U YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY <Return>
Key under ZMK: X YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY
Key check value: XXXXXX