Command: GC (Generate Component). Can be used in online, offline or secure state.
Function: To generate a key component and display it in plain and encrypted forms.
Refer to Key Type Table for Key types and restrictions on Generate, Export and Import. The HSM must be in the Authorised state for some key types.
Inputs: Key length: (1 - Single length, 2 - Double length, 3 - Triple length).
Key Type: See Key Type Table
Key Scheme: Key scheme for encrypting key under LMK; see Key Scheme Table
(Defaults: Key Length 1, Key Scheme 0; Key Length 2, Key Scheme U; Key Length 3, Key Scheme T)
Outputs: Clear text key component: 16, 32 or 48 hexadecimal characters.
Key component encrypted under an appropriate variant of LMK: 16 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex.
Component check value; formed by encrypting 64 binary zeros with the component and returning the left-most 24 bits: 6 hexadecimal characters.
Errors: Invalid key type; re-enter: - the key type is invalid. See Key Type Table.
Invalid key scheme for key length - the Key scheme is inappropriate for Key length.
Invalid key scheme - an invalid key scheme is entered. See Key Scheme Table.
Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example:
Online> GC <Return>
Enter Key length [1,2,3]: 1 <Return>
Enter Key Type: 001 <Return>
Enter Key Scheme: 000 <Return>
Clear Component: XXXX XXXX XXXX XXXX
Encrypted Component: XXXX XXXX XXXX XXXX
Key check value: XXXXXX
Note: To produce a valid ZMK in the FK command, 000 must be used for the key type input.
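The component check value described under Outputs, as an added example (not part of the original manual and not HSM vendor code): a pure-Python DES, so it needs only the standard library, that encrypts 64 binary zeros under a single, double or triple length component and returns the left-most 24 bits. The function names are hypothetical, the sample components in the test are public test values rather than HSM output, and treating double and triple length components as two-key and three-key Triple DES (EDE) is an assumption the page does not spell out.

```python
# Standard DES tables (FIPS 46-3); positions are 1-based, counted from the MSB.
IP = [s - 8 * j for s in (58, 60, 62, 64, 57, 59, 61, 63) for j in range(8)]
FP = [IP.index(i) + 1 for i in range(1, 65)]  # inverse of IP
E = [(4 * i + j - 1) % 32 + 1 for i in range(8) for j in range(6)]
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
PC1 = ([s - 8 * j for s in (57, 58, 59) for j in range(8)] + [60, 52, 44, 36] +
       [s - 8 * j for s in (63, 62, 61) for j in range(8)] + [28, 20, 12, 4])
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]
SBOX = [[int(c, 16) for c in s] for s in (  # 4 rows x 16 columns per box, row-major
    "E4D12FB83A6C59070F74E2D1A6CB953841E8D62BFC973A50FC8249175B3EA06D",
    "F18E6B34972DC05A3D47F28EC01A69B50E7BA4D158C6932FD8A13F42B67C05E9",
    "A09E63F51DC7B428D709346A285ECBF1D6498F30B12C5AE71AD069874FE3B52C",
    "7DE3069A1285BC4FD8B56F03472C1AE9A690CB7DF13E52843F06A1D8945BC72E",
    "2C417AB6853FD0E9EB2C47D150FA3986421BAD78F9C5630EB8C71E2D6F09A453",
    "C1AF92680D34E75BAF427C9561DE0B389EF528C3704A1DB6432C95FABE17608D",
    "4B2EF08D3C975A61D0B7491AE35C2F8614BDC37EAF6805926BD814A7950FE23C",
    "D2846FB1A93E50C71FD8A374C56B0E927B419CE206ADF35821E74A8DFC90356B")]

def _permute(v, table, width):  # select bits of a width-bit integer by table position
    return sum(((v >> (width - p)) & 1) << (len(table) - 1 - i) for i, p in enumerate(table))

def _subkeys(key8):  # sixteen 48-bit round keys from one 8-byte key (parity bits ignored)
    k, keys = _permute(int.from_bytes(key8, "big"), PC1, 64), []
    c, d = k >> 28, k & 0xFFFFFFF
    for s in SHIFTS:
        c, d = (((h << s) | (h >> (28 - s))) & 0xFFFFFFF for h in (c, d))
        keys.append(_permute((c << 28) | d, PC2, 56))
    return keys

def _des(block, keys):  # one 64-bit block through the 16 Feistel rounds
    b = _permute(block, IP, 64)
    l, r = b >> 32, b & 0xFFFFFFFF
    for k in keys:
        x, f = _permute(r, E, 32) ^ k, 0
        for i in range(8):  # S-box i: row = outer two bits, column = middle four
            six = (x >> (42 - 6 * i)) & 0x3F
            f = (f << 4) | SBOX[i][16 * (((six >> 4) & 2) | (six & 1)) + ((six >> 1) & 0xF)]
        l, r = r, l ^ _permute(f, P, 32)
    return _permute((r << 32) | l, FP, 64)

def kcv(component_hex):  # encrypt 64 binary zeros, keep the left-most 24 bits (6 hex)
    key = bytes.fromhex(component_hex.replace(" ", ""))
    if len(key) not in (8, 16, 24):
        raise ValueError("component must be 16, 32 or 48 hex characters")
    # EDE with K1,K2,K3; a missing part falls back to K1, so single length is plain DES.
    k1, k2, k3 = (_subkeys(key[i:i + 8] or key[:8]) for i in (0, 8, 16))
    return format(_des(_des(_des(0, k1), k2[::-1]), k3) >> 40, "06X")  # reversed keys = decrypt
```

Comparing this value with the check value printed by the console confirms that a component was transcribed correctly without comparing the clear component itself.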
Generate Key Components and Write to Smartcard
Command: GS (Generate and write to Smartcard). Can be used in online, offline or secure state.
Function: Generates a key in 2 to 3 components and writes the components to Smartcards.
The HSM must be in the Authorised state.
Refer to Key Type Table for restrictions on Generate, Export and Import.
Inputs: Number of components, 1 numeric digit.
Key length: (1 - Single length, 2 - Double length, 3 - Triple length).
Key Type: See Key Type Table
Key Scheme: Key scheme for encrypting key under LMK; see Key Scheme Table
(Defaults: Key Length 1, Key Scheme Z or 0; Key Length 2, Key Scheme U or 0; Key Length 3, Key Scheme T or 0)
Outputs: Key encrypted under appropriate LMK: 16 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex
Key Check value; formed by encrypting 64 binary zeros with the ZMK: 6 hexadecimal characters.
Errors: Invalid PIN; re-enter: - a PIN of less than 4 or greater than 8 is entered.
Smartcard error; command/return: 0003 – invalid PIN is entered
Warning - card not blank. Proceed? [Y/N]: - the smart card entered is not blank.
Overwrite key component? [Y/N]: - the Smartcard already contains a key component. It can be overwritten if desired.
Device write failed – the component could not be verified.
Invalid key scheme for key length - the Key scheme is inappropriate for Key length.
Invalid key type; re-enter: - the key type is invalid. See Key Type Table.
Invalid key scheme - an invalid key scheme is entered. See Key Scheme Table.
Invalid entry – an invalid number of components has been entered.
Not a LMK card – card formatted for HSM storage or is a licence card.
Card not formatted – card is not formatted.
Command only allowed from authorised – the HSM is not in authorised state.
Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example:
Online-AUTH> GS <Return>
Enter Key length [1,2,3]: 1 <Return>
Enter Key Type: 001 <Return>
Enter Key Scheme: 0 <Return>
Enter number of components [2-3]: 2 <Return>
Insert card 1 and enter PIN: XXXX <Return>
Make additional copies? [Y/N]: N <Return>
Insert card 2 and enter PIN: XXXX <Return>
Make additional copies? [Y/N] <Return>
Encrypted key: XXXX XXXX XXXX XXXX
Key check value: XXXXXX