Command: D (form ZMK). Can be used in online, offline or secure state.
Function: To form a ZMK from encrypted components. The components may either be entered from the console or read from Smartcards.
The manually entered components must have been encrypted using the Z command, or generated using the F command.
The HSM must be in the Authorised state.
Inputs: Type of input, Smartcard or keyboard.
The number of key components to be entered: 2 to 9.
The ZMK components, each encrypted under a variant of LMK pair 04-05: 16 or 32 hexadecimal characters.
Outputs: The ZMK encrypted under LMK 04-05: 16 or 32 hexadecimal characters.
The key check value, formed by encrypting 64 binary zeros with the ZMK, and returning all 64 bits: 16 or 32 hexadecimal characters.
Errors: Command only allowed from authorised – the HSM is not in authorised state.
Invalid entry – invalid number of components entered.
Data invalid; please re-enter: – the input data does not contain 16 hexadecimal characters. Re-enter the correct number of hexadecimal characters.
Component parity error; re-enter component: – the entered component does not have odd parity on each byte. Re-enter the encrypted component and check for typographic errors.
Invalid PIN; re-enter: – the entered PIN is not 4 to 8 digits or the PIN does not match the PIN of the card.
Card checksum mismatch – the components on the cards do not match.
Smartcard error; command/return: 0003 – invalid PIN is entered.
Not a LMK card – card formatted for HSM settings or is a licence card.
Card not formatted – card is not formatted.
No component exists – there are no ZMK components on the card.
Internal failure 12: function aborted – the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example 1: Input from console
Online-AUTH> D <Return>
Input components from smartcards? [Y/N]: N <Return>
Enter number of components (2-9): 2 <Return>
Enter encrypted component 1: XXXXXXXXXXXXXXXX <Return>
Enter encrypted component 2: XXXXXXXXXXXXXXXX <Return>
Encrypted ZMK: YYYY YYYY YYYY YYYY
Key check value: ZZZZ ZZZZ ZZZZ ZZZZ
Example 2: Input from Smartcards
Online-AUTH> D <Return>
Input components from smartcards? [Y/N]: Y <Return>
Enter number of components (2-9): 2 <Return>
Insert card 1 and enter PIN: XXXX <Return>
Insert card 2 and enter PIN: XXXX <Return>
Encrypted ZMK: YYYY YYYY YYYY YYYY
Key check value: ZZZZ ZZZZ ZZZZ ZZZZ
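The format and odd-parity rules behind the "Invalid entry", "Data invalid" and "Component parity error" entries above, written out as an added example (not HSM firmware or vendor code). The function names are hypothetical and the sample values are constructed clear-text bytes, not encrypted components.

```python
import string

VALID_LENGTHS = (16, 32)                  # hex characters, per the Inputs list
MIN_COMPONENTS, MAX_COMPONENTS = 2, 9     # allowed number of components


def has_odd_parity(byte):
    """True when the byte contains an odd number of 1 bits."""
    return bin(byte).count("1") % 2 == 1


def bad_parity_positions(component_hex):
    """Return the 0-based indexes of bytes that fail the odd-parity rule."""
    raw = bytes.fromhex(component_hex)
    return [i for i, b in enumerate(raw) if not has_odd_parity(b)]


def check_count(n):
    """Mirror the 'Invalid entry' check on the number of components."""
    return "OK" if MIN_COMPONENTS <= n <= MAX_COMPONENTS else "Invalid entry"


def check_component(component_hex):
    """Classify one value using the error names from the Errors list."""
    text = component_hex.replace(" ", "")  # tolerate grouped entry: XXXX XXXX ...
    if len(text) not in VALID_LENGTHS:
        return "Data invalid"
    if any(c not in string.hexdigits for c in text):
        return "Data invalid"
    if bad_parity_positions(text):
        return "Component parity error"
    return "OK"


if __name__ == "__main__":
    # Constructed samples: a valid value, a one-digit typo, and a short entry.
    samples = [
        "0123 4567 89AB CDEF",   # every byte has odd parity
        "0123456789ABCDEE",      # last byte 0xEE has six 1 bits (even)
        "0123456789ABCDE",       # 15 characters
    ]
    for s in samples:
        print(f"{s!r:24} -> {check_component(s)}")
```

A single mistyped hex digit changes its byte by between one and four bits, so it is caught by the parity rule only when that bit count is odd; the key check value remains the check to compare after the ZMK is formed.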