Command: KG (Key Generate). Can be used in online, offline or secure state.
Function: To generate a random key and return it encrypted under the LMK and optionally under a ZMK (for transmission to another party).
Refer to Key Type Table for Key types and restrictions on Generate, Export and Import. The HSM must be in the Authorised state for some key types.
Inputs: Key length: (1 - Single Length, 2 - Double Length, 3 - Triple Length).
Key Type: See Key Type Table.
Key Scheme (LMK): Key scheme for encrypting key under LMK; see Key Scheme Table.
(Defaults: Key Length 1, Key Scheme 0; Key Length 2, Key Scheme U; Key Length 3, Key Scheme T)
Key Scheme (ZMK): Key scheme for encrypting key under ZMK; see Key Scheme Table.
(Defaults: Key Length 1, Key Scheme 0; Key Length 2, Key Scheme U; Key Length 3, Key Scheme T)
Optional ZMK encrypted under LMK pair 04-05 (as generated using the D or FK command): 16 Hex or 32 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex. (If <Return> is entered at this prompt, only the key encrypted under the LMK is returned.)
Optional ZMK key check value (as generated using the D or FK command or by extracting the first 6 digits generated using the CK command): 6 hexadecimal characters. (If <Return> is entered at this prompt, the test is not carried out.)
Optional ZMK variant: 1 or 2 digit, value 0-99 (or <Enter> to ignore). Used only when interworking with Atalla systems. Refer to the CS command. Note that this input is not requested when the ZMK variant support is set to off.
Outputs: The key encrypted under appropriate LMK pair: 16 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex.
Optionally the key encrypted under the ZMK: 16 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex.
The key check value, formed by encrypting 64 binary zeros with the key and returning the left-most 24 bits: 6 hexadecimal characters.
Errors: Data invalid; please re-enter: - the encrypted ZMK does not contain the correct characters, or the key check value does not contain 6 hexadecimal characters. Re-enter the correct number of hexadecimal characters.
Key parity error; please re-enter: - the ZMK does not have odd parity on each byte. Re-enter the encrypted ZMK and check for typographic errors.
Invalid key scheme for key length - the Key scheme is inappropriate for Key length.
Invalid key scheme - the key scheme is invalid. See Key Scheme Table.
Invalid key type; re-enter: - the key type is invalid. See Key Type Table.
Invalid key type - the key type provided is not valid for key generation. See Key Type Table.
Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example 1:
Online> KG <Return>
Enter key length [1,2,3]: 2 <Return>
Enter key type: 002 <Return>
Enter key scheme (LMK): U <Return>
Enter key scheme (ZMK): X <Return>
Enter ZMK: U XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX <Return>
(Enter ZMK variant: X <Return>, if enabled by CS command)
Key under LMK: U YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY
Key under ZMK: X YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY
Key check value: ZZZZZZ
Example 2:
Online> KG <Return>
Enter key length [1,2,3]: 2 <Return>
Enter key type: 002 <Return>
Enter key scheme (LMK): U <Return>
Enter key scheme (ZMK): <Return>
Enter ZMK: <Return>
Key under LMK: U YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY
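The following is an added example, not part of the HSM documentation or firmware: a host-side pre-check of the optional KG inputs against the formats listed under Inputs, so that "Data invalid" entries are caught before they are typed at the console. The function names, the variant error wording and the sample values are assumptions made for illustration. The odd-parity rule behind "Key parity error" is applied by the HSM to the ZMK after decrypting it under the LMK, so it cannot be tested on the encrypted value; it is shown here on a constructed clear key only.

```python
import re

HEX = "[0-9A-F]"
# ZMK encodings the KG prompt accepts: 16 hex, 32 hex, 1 alpha + 32 hex, 1 alpha + 48 hex.
ZMK_RE = re.compile(rf"^(?:{HEX}{{16}}|{HEX}{{32}}|[A-Z]{HEX}{{32}}|[A-Z]{HEX}{{48}})$")
KCV_RE = re.compile(rf"^{HEX}{{6}}$")  # key check value: 6 hexadecimal characters


def squash(field):
    """Remove the grouping spaces shown in the console examples and upper-case."""
    return "".join(field.split()).upper()


def split_key(field):
    """Return (scheme_tag_or_None, hex_digits); raise ValueError if malformed."""
    s = squash(field)
    if not ZMK_RE.match(s):
        raise ValueError("Data invalid; please re-enter")
    # Odd total length (33 or 49) means a leading key scheme tag is present.
    return (s[0], s[1:]) if len(s) % 2 else (None, s)


def has_odd_parity(key_bytes):
    """True if every byte carries an odd number of 1 bits (DES key parity)."""
    return all(bin(b).count("1") % 2 == 1 for b in key_bytes)


def precheck(zmk="", kcv="", variant=""):
    """Collect errors for the optional KG inputs; an empty string means <Return>."""
    errors = []
    if zmk:
        try:
            split_key(zmk)
        except ValueError as exc:
            errors.append(str(exc))
    if kcv and not KCV_RE.match(squash(kcv)):
        errors.append("Data invalid; please re-enter")
    # The page lists no message for a bad variant; this wording is the example's own.
    if variant and not re.fullmatch(r"[0-9]{1,2}", variant.strip()):
        errors.append("ZMK variant must be 1 or 2 digits (0-99)")
    return errors


if __name__ == "__main__":
    # Constructed sample values, not real key material.
    print(split_key("U 0123 4567 89AB CDEF 0123 4567 89AB CDEF"))
    print(precheck(zmk="U 0123 4567", kcv="12345G", variant="100"))
    print(has_odd_parity(bytes.fromhex("0123456789ABCDEF")))
```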