Command: EC (Encrypt Clear Component). Can be used in online, offline or secure state.
Function: To encrypt a clear text
component and display the result at the Console.
The HSM must be in the Authorised state.
Refer to Key Type Table for Key types and restrictions on Generate, Export
and Import.
If the component does not have odd parity, odd parity will be forced before
encryption
Inputs: Clear
text key component: 16 or 32 or 48 hexadecimal characters.
Key Type: See Key Type Table
Key Scheme: Key scheme for encrypting key under LMK; see Key Scheme Table
(Defaults: Key Length 1, Key Scheme 0, Key Length
2, Key Scheme U, Key Length 3, Key Scheme T)
Outputs: The key component encrypted
under an appropriate variant of LMK:
16 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex.
Component check value; formed by encrypting 64 binary zeros with the component
and returning the left-most 24 bits: 6 hexadecimal characters.
Errors: Data invalid; please re-enter: - the input data does not contain 16 or 32 or 48 hexadecimal characters. Re-enter the correct number of hexadecimal characters.
Invalid key type; re-enter: - the key type is invalid. See Key Type Table.
Invalid key scheme - an invalid key scheme is entered. See Key Scheme Table.
Command only allowed from authorised – the HSM is not in authorised state.
Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example:
Online-AUTH> EC <Return>
Enter Key type: 001 <Return>
Enter Key Scheme: 0 <Return>
Enter component: **************** <Return>
Encrypted component: XXXX XXXX XXXX XXXX
Key check value: XXXX XX