Command: KE (Key Export). Can be used in online, offline or secure state.
Function: To translate a key from encryption under the LMK to encryption under a ZMK. Refer to the Key Type Table for key types and restrictions on export. The HSM must be in the Authorised state for some key types.
Inputs: ZMK encrypted under LMK pair 04-05: 16 Hex or 32 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex.
Key type: See Key Type Table.
Key Scheme (ZMK): Key scheme for encrypting key under ZMK; see Key Scheme Table. (Defaults: Key Length 1, Key Scheme 0; Key Length 2, Key Scheme U; Key Length 3, Key Scheme T)
Key encrypted under the appropriate LMK: 16 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex.
The ZMK variant: 1 or 2 digit, value 0-99 (or <Enter> to ignore). Used only when interworking with Atalla systems. Refer to the CS command. Note that this input is not requested when the ZMK variant support is set to off.
Outputs: Key encrypted under the ZMK: 16 hex, 1 alpha + 32 hex or 1 alpha + 48 hex.
The key check value: formed by encrypting 64 binary zeros with the key and returning the left-most 24 bits: 6 hexadecimal characters.
Errors: Must be in authorised state - the key type provided requires the HSM to be in authorised state. See Key Type Table.
Data invalid; please re-enter - the encrypted ZMK or key does not contain 16 or 32 hex or 1 alpha + 32 hex or 1 alpha + 48 hex. Re-enter the correct number of hexadecimal characters.
Key parity error; re-enter key - the ZMK or key does not have odd parity on each byte. Re-enter the key and check for typographic errors.
Invalid key scheme - the key scheme is invalid. See Key Scheme Table.
Invalid key type; re-enter - the key type is invalid. See Key Type Table.
Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example:
Online-AUTH> KE <Return>
Enter Key type: 002 <Return>
Enter Key Scheme (ZMK): X <Return>
Enter ZMK: U XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX <Return>
(Enter ZMK variant: X <Return>, if enabled by CS command)
Enter key: U YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY <Return>
Key under ZMK: X YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY
Key check value: XXXXXX
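
The following Python is an added example, not part of the original page or of the HSM's own software: it checks a field against the layouts listed under Inputs before it is typed in, and tests odd parity per byte as described under Errors. Function names are hypothetical, the sample values are constructed, and the parity test applies to clear key bytes (the HSM checks parity on the key after decrypting it), not to the ciphertext entered at the console.

```python
"""Pre-checks for KE console fields (added example; helper names are hypothetical)."""

HEX_DIGITS = set("0123456789ABCDEF")


class KeyFieldError(ValueError):
    """Raised with the console error text the field would trigger."""


def parse_key_field(text, allow_bare_32=False):
    """Split a KE key field into (scheme, body_bytes).

    Accepted layouts, as listed on the page: 16 hex, 1 alpha + 32 hex,
    1 alpha + 48 hex, and (ZMK field only) 32 hex with no scheme letter.
    The scheme letter itself is not validated; see the Key Scheme Table.
    """
    s = "".join(text.split()).upper()          # console examples group digits in fours
    scheme, body = None, s
    if len(s) in (33, 49):                     # 1 alpha + 32 hex, or 1 alpha + 48 hex
        scheme, body = s[0], s[1:]
        if not (scheme.isascii() and scheme.isalpha()):
            raise KeyFieldError("Data invalid; please re-enter")
    elif not (len(s) == 16 or (len(s) == 32 and allow_bare_32)):
        raise KeyFieldError("Data invalid; please re-enter")
    if not set(body) <= HEX_DIGITS:
        raise KeyFieldError("Data invalid; please re-enter")
    return scheme, bytes.fromhex(body)


def first_parity_error(clear_key):
    """Return the index of the first byte without odd parity, or None."""
    for i, byte in enumerate(clear_key):
        if bin(byte).count("1") % 2 == 0:      # even number of 1 bits
            return i
    return None


if __name__ == "__main__":
    # Constructed sample values, not real key material.
    print(parse_key_field("U 0123 4567 89AB CDEF FEDC BA98 7654 3210"))
    print(first_parity_error(bytes.fromhex("0123456789ABCDEF")))   # None
    print(first_parity_error(bytes.fromhex("0123456789ABCDEE")))   # 7
```

Pass allow_bare_32=True for the ZMK field only, since the page lists the scheme-less 32 hex layout for the ZMK but not for the key being exported.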