Command: DE (Form a ZMK). Can be used in online, offline or secure state.
Function: To enter a *ZMK as either two single-length components (halves) or as two to nine double-length components.
Notes: The DE command differs from the D command as follows:
· It uses clear components (not encrypted components).
· It forms the *ZMK from two 16-character halves, or from two to nine 32-character components.
When H/F is set to H, two 16-character halves are used: the user is prompted
to enter 16 left characters, then 16 right characters. (The unit concatenates
the left and right halves).
When H/F is set to F, two to nine 32-character components are used: the
user is prompted to enter the first component, then the second component,
then the third, etc., according to the number of components to be entered.
(The unit exclusive-OR combines the 32-character components).
The parity of the components is not checked, but the resulting *ZMK has
odd parity forced before encryption.
The HSM must be in the Authorised state.
If the Echo parameter entered in the CS (Configure Security) command has
been set to N (on), the clear components are echoed onto the screen as
they are entered. If this is not required, either:
· Use the CS command to set the Echo parameter to F (off);
or
· Enter Ù (i.e. press the Shift and 6 keys) before entering each component.
Inputs: A
half-length or full-length flag.
The number of components.
The clear components: each 16 or 32 hexadecimal characters.
Outputs: The *ZMK encrypted
under LMK pair 04-05.
The key check value (KCV) for the *ZMK, if restrict KCV is enabled in the
CS command the output will be restricted to the 6 most significant digits
with padding zeros for the remainder.
Errors: Command only allowed from authorised – the HSM must be in authorised state.
Data invalid; please re-enter: - the input data does not contain 16 or 32 hexadecimal characters. Re-enter the correct number of hexadecimal characters.
Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example 1: using two single-length components (halves):
Online-AUTH> DE <Return>
Half or full-length components? (H/F): H <Return>
Enter clear left half: XXXX XXXX XXXX XXXX <Return>
Enter clear right half: XXXX XXXX XXXX XXXX <Return>
Encrypted *ZMK: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
Key check value: XXXX XXXX
Example 2: using two to nine double-length components:
Online-AUTH> DE <Return>
Half or full-length components? (H/F): F <Return>
Enter number of clear components (2-9): 3 <Return>
Enter component 1: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX <Return>
Enter component 2: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX <Return>
Enter component 3: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX <Return>
Encrypted *ZMK: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
Key check value: XXXX XXXX