Generate Key

Command: KG (Key Generate). Can be used in online, offline or secure state.

Function:     To generate a random key and return it encrypted under the LMK and optionally under a ZMK (for transmission to another party).
Refer to Key Type Table for Key types and restrictions on Generate, Export and Import. The HSM must be in the Authorised state for some key types.

Inputs:        Key length:               (1 - Single Length, 2 - Double Length, 3 - Triple Length).
Key Type:                See Key Type Table.
Key Scheme (LMK):             Key scheme for encrypting key under LMK; see Key Scheme Table.
(Defaults:     Key Length 1: Key Scheme 0; Key Length 2: Key Scheme U; Key Length 3: Key Scheme T)
Key Scheme (ZMK):             Key scheme for encrypting key under ZMK; see Key Scheme Table.
(Defaults:     Key Length 1: Key Scheme 0; Key Length 2: Key Scheme U; Key Length 3: Key Scheme T)
Optional ZMK encrypted under LMK pair 04-05 (as generated using the D or FK command): 16 Hex or 32 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex. (If <Return> is entered at this prompt, only the key encrypted under the LMK is returned.)
Optional ZMK key check value (as generated using the D or FK command, or by extracting the first 6 digits generated using the CK command): 6 hexadecimal characters. (If <Return> is entered at this prompt, the test is not carried out.)
Optional ZMK variant: 1 or 2 digit, value 0-99 (or <Enter> to ignore). Used only when interworking with Atalla systems. Refer to the CS command. Note that this input is not requested when the ZMK variant support is set to off.

Outputs:     The key encrypted under appropriate LMK pair:
16 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex.
Optionally the key encrypted under the ZMK:
16 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex
The key check value, formed by encrypting 64 binary zeros with the key and returning the left-most 24 bits: 6 hexadecimal characters.

Errors:        Data invalid; please re-enter: - the encrypted ZMK does not contain the correct characters, or the key check value does not contain 6 hexadecimal characters. Re-enter the correct number of hexadecimal characters.

Key parity error; please re-enter: - the ZMK does not have odd parity on each byte. Re-enter the encrypted ZMK and check for typographic errors.

Invalid key scheme for key length - the Key scheme is inappropriate for Key length.

Invalid key scheme - the key scheme is invalid.  See Key Scheme Table.

Invalid key type; re-enter: - the key type is invalid.  See Key Type Table.

Invalid key type - the key type provided is not valid for key generation.  See Key Type Table.

Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
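
The following Python sketch is an added illustration, not part of the original command reference or of any vendor tooling. It pre-checks the optional ZMK, check value and ZMK variant entries against the field shapes listed under Inputs, and shows the odd-parity rule behind the "Key parity error" message. Function names and sample values are constructed; the HSM applies the parity test to the decrypted ZMK, so the parity function is shown here on clear test bytes only.

```python
import re

# Encrypted-ZMK field shapes from the Inputs list -> number of 8-byte key blocks.
ZMK_SHAPES = [
    (re.compile(r"[0-9A-F]{16}"), 1),       # 16 Hex
    (re.compile(r"[0-9A-F]{32}"), 2),       # 32 Hex
    (re.compile(r"[A-Z][0-9A-F]{32}"), 2),  # 1 Alpha + 32 Hex
    (re.compile(r"[A-Z][0-9A-F]{48}"), 3),  # 1 Alpha + 48 Hex
]

def normalise(field):
    """Drop the grouping spaces shown on the console and upper-case the rest."""
    return "".join(field.split()).upper()

def zmk_blocks(field):
    """Return 1, 2 or 3 for a well-formed encrypted ZMK field, else None."""
    text = normalise(field)
    for pattern, blocks in ZMK_SHAPES:
        if pattern.fullmatch(text):
            return blocks
    return None

def bad_parity_bytes(key):
    """Indexes of key bytes that do not have an odd number of 1 bits."""
    return [i for i, b in enumerate(key) if bin(b).count("1") % 2 == 0]

def precheck(zmk, kcv="", variant=""):
    """List entry problems before typing; empty kcv/variant means <Return>."""
    problems = []
    if zmk_blocks(zmk) is None:
        problems.append("ZMK: expected 16H, 32H, 1A+32H or 1A+48H")
    if kcv and not re.fullmatch(r"[0-9A-F]{6}", normalise(kcv)):
        problems.append("KCV: expected 6 hexadecimal characters")
    if variant and not re.fullmatch(r"[0-9]{1,2}", variant.strip()):
        problems.append("ZMK variant: expected 1 or 2 digits, 0-99")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real key material.
    good = "U 0123 4567 89AB CDEF FEDC BA98 7654 3210"
    print(zmk_blocks(good), precheck(good, "A1B2C3", "7"))
    print(precheck("U 0123 4567", "A1B2C", "100"))
    print(bad_parity_bytes(bytes.fromhex("0123456789ABCDEE")))
```
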

Example 1:

Online> KG <Return>

Enter key length [1,2,3]: 2 <Return>

Enter key type: 002 <Return>

Enter key scheme (LMK): U <Return>

Enter key scheme (ZMK): X <Return>

Enter ZMK: U XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX <Return>

(Enter ZMK variant: X <Return>, if enabled by CS command)

 

Key under LMK: U YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY

Key under ZMK: X YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY

Key check value: ZZZZZZ

Example 2:

Online> KG <Return>

Enter key length [1,2,3]: 2 <Return>

Enter key type: 002 <Return>

Enter key scheme (LMK): U <Return>

Enter key scheme (ZMK): <Return>

Enter ZMK: <Return>

 

Key under LMK: U YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY

Key check value: XXXXXX