Command: GK (Generate Keys). The HSM must be in the Secure state.
Function: To generate an LMK component set and store the components to Smartcards.
Inputs: Optionally,
three secret values can be entered for each component. The first two values are
random 16-digit hexadecimal, the third is 8-character decimal (for example, the
date). The HSM generates random values if no values are input.
If password mode authorisation is enable (using the CS command), then the HSM
prompts twice for the password after the first secret value. This mode is
provided for backward compatibility.
Outputs: LMK
components written to Smartcards.
Master key check value.
Errors: Card not formatted – card is not formatted
Not a LMK card – card formatted for HSM settings or is a licence card
Warning - card not blank. Proceed? [Y/N]: - LMK card is not blank
Overwrite LMK set? [Y/N]: - card already contains an LMK component
Smartcard error; command/return: 0003 – invalid PIN is entered
Invalid PIN; re-enter: - a PIN of less than 4 or greater than 8 is entered.
Example:
It is assumed that the HSM is set for Smartcard mode and Echo On (CS command).
Secure> GK <Return>
LMKs must be erased before proceeding.
Erase LMKs? Y <Return>
LMK component set [1-9]: 1 <Return>
Enter secret value A: aaaaaaaaaaaaaaaa <Return>
Enter secret value B: aaaaaaaaaaaaaaaa <Return>
Enter value C: 18052002 <Return>
Insert blank card and enter PIN: ***** <Return>
Writing keys
Checking keys
Device write complete, check: XXXX XXXX XXXX XXXX
Remove the Smartcard and store it securely.
Make
another copy? [Y/N]: N <Return>
X copies made
Repeat the procedure to generate further Component Sets.