Form Key from Components

Command: BK (Build a Key). Can be used in online, offline or secure state.

Function: To build a key from clear components. The components are not checked for parity, but odd parity is forced on the final key before encryption under the LMK.

The HSM must be in the Authorised state.

Inputs: Key Type; 1 numeric digit:

"0" - Base Derivation Key (BDK)

"1" - Card Verification Key (CVK)

"2" - Zone PIN Key (ZPK)

The number of key components to be entered: 2 to 9.

The clear key component. Each BDK component must contain 32 hexadecimal characters and each CVK or ZPK component must contain 16 hexadecimal characters.

Outputs: The key formed by exclusive-ORing the entered components, forcing odd parity and encrypting under the appropriate LMK pair:

· Key type "0" - LMK pair 28 - 29, 32 hexadecimal digits.

· Key type "1" - LMK pair 14 - 15 variant 4, 16 hexadecimal digits.

· Key type "2" - LMK pair 06 - 07, 16 hexadecimal digits.

The key check value, formed by encrypting a block of zeros with the key, and returning all 64 bits: 16 hexadecimal characters.

Errors: Command only allowed from authorised – the HSM is not in authorised state.

Invalid entry - invalid number of components has been entered.

Data invalid; please re-enter: - the amount of input data is incorrect or non-hexadecimal characters have been entered.  Re-enter the correct number of hexadecimal characters.

Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
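
The component-combining step described above, modelled in software as an added example (not the HSM's own code): it XORs the components, forces odd parity on the result, and mirrors the component-count and data-length checks. Encryption under the LMK and the key check value are not modelled; `form_key`, `force_odd_parity` and `BKError` are hypothetical names, and the sample components are constructed.

```python
import string

# Hex characters per component for each BK key type (values from the page).
COMPONENT_HEX_LEN = {"0": 32, "1": 16, "2": 16}  # 0=BDK, 1=CVK, 2=ZPK


class BKError(ValueError):
    """Hypothetical error type; messages echo the console errors listed above."""


def force_odd_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so each byte has an odd number of 1 bits."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        ones = bin(high7).count("1")
        out.append(high7 if ones % 2 else high7 | 1)
    return bytes(out)


def form_key(key_type: str, components: list[str]) -> str:
    """XOR the clear components and force odd parity; returns the clear key as hex."""
    if key_type not in COMPONENT_HEX_LEN:
        raise BKError("unknown key type")  # assumption: page gives no message for this
    if not 2 <= len(components) <= 9:
        raise BKError("Invalid entry")
    want = COMPONENT_HEX_LEN[key_type]
    key = bytes(want // 2)
    for comp in components:
        text = comp.replace(" ", "")
        if len(text) != want or any(c not in string.hexdigits for c in text):
            raise BKError("Data invalid; please re-enter")
        # Component parity is deliberately not checked, matching the command.
        key = bytes(a ^ b for a, b in zip(key, bytes.fromhex(text)))
    return force_odd_parity(key).hex().upper()


# Constructed sample components (not real key material).
ZPK_PARTS = ["0123456789ABCDEF", "FEDCBA9876543210"]
CVK_PARTS = ZPK_PARTS + ["1111111111111111"]

if __name__ == "__main__":
    print(form_key("2", ZPK_PARTS))
    print(form_key("1", CVK_PARTS))
```
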

Example 1: Form a *BDK from components

Online-AUTH> BK <Return>

Enter key type [0=BDK, 1=CVK, 2=ZPK]: 0 <Return>

Enter number of components (2-9): 2 <Return>

Enter component 1: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX <Return>

Enter component 2: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX <Return>

Encrypted key: YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY

Key check value: ZZZZ ZZZZ ZZZZ ZZZZ

Example 2: Form a CVK from components

Online-AUTH> BK <Return>

Enter key type [0=BDK, 1=CVK, 2=ZPK]: 1 <Return>

Enter number of components (2-9): 3 <Return>

Enter component 1: XXXX XXXX XXXX XXXX <Return>

Enter component 2: XXXX XXXX XXXX XXXX <Return>

Enter component 3: XXXX XXXX XXXX XXXX <Return>

Encrypted key: YYYY YYYY YYYY YYYY

Key check value: ZZZZ ZZZZ ZZZZ ZZZZ

Example 3: Form a ZPK from components

Online-AUTH> BK <Return>

Enter key type [0=BDK, 1=CVK, 2=ZPK]: 2 <Return>

Enter number of components (2-9): 2 <Return>

Enter component 1: XXXX XXXX XXXX XXXX <Return>

Enter component 2: XXXX XXXX XXXX XXXX <Return>

Encrypted key: YYYY YYYY YYYY YYYY

Key check value: ZZZZ ZZZZ ZZZZ ZZZZ