Command: GS (Generate and write to Smartcard). Can be used in online, offline or secure state.
Function: Generates a key in 2 to 3 components and writes the components to Smartcards.
The HSM must be in the Authorised state.
Refer to Key Type Table for restrictions on Generate, Export and Import.
Inputs: Number of components, 1 numeric digit.
Key length: (1 - Single length, 2 - Double Length, 3 - Triple Length).
Key Type: See Key Type Table
Key Scheme: Key scheme for encrypting key under LMK; see Key Scheme Table
(Defaults: Key Length 1, Key Scheme Z or 0; Key Length 2, Key Scheme U or 0; Key Length 3, Key Scheme T or 0)
Outputs: Key encrypted under appropriate LMK:
16 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex
Key Check value; formed by encrypting 64 binary zeros with the ZMK:
6 hexadecimal characters.
Errors: Invalid PIN; re-enter: - a PIN of less than 4 or greater than 8 is entered.
Smartcard error; command/return: 0003 – invalid PIN is entered
Warning - card not blank. Proceed? [Y/N]: - the smart card entered is not blank.
Overwrite key component? [Y/N]: - the Smartcard already contains a key component. It can be overwritten if desired.
Device write failed – the component could not be verified.
Invalid key scheme for key length - the Key scheme is inappropriate for Key length.
Invalid key type; re-enter: - the key type is invalid. See Key Type Table.
Invalid key scheme - an invalid key scheme is entered. See Key Scheme Table.
Invalid entry – an invalid number of components has been entered.
Not a LMK card – card formatted for HSM storage or is a licence card.
Card not formatted – card is not formatted.
Command only allowed from authorised – the HSM is not in authorised state.
Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example:
Online-AUTH> GS <Return>
Enter Key length [1,2,3]: 1 <Return>
Enter Key Type: 001 <Return>
Enter Key Scheme: 0 <Return>
Enter number of components [2-3]: 2 <Return>
Insert card 1 and enter PIN: XXXX <Return>
Make additional copies? [Y/N]: N <Return>
Insert card 2 and enter PIN: XXXX <Return>
Make additional copies? [Y/N] <Return>
Encrypted key: XXXX XXXX XXXX XXXX
Key check value: XXXXXX
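
An added example, not part of the original command reference: a Python check that audits a captured GS console session against the input ranges, default key schemes and output formats listed above. The session log and its key values are constructed. It assumes that the three output shapes map to key lengths 1, 2 and 3 in order, that each component gets one numbered card prompt, and that every prompt is answered explicitly.

```python
import re

# Output shapes from "Outputs". Assumption: the three shapes listed there
# correspond to key lengths 1, 2 and 3, in that order.
KEY_SHAPES = {"1": r"[0-9A-F]{16}", "2": r"[A-Z][0-9A-F]{32}", "3": r"[A-Z][0-9A-F]{48}"}
# Default schemes per key length, from the "Defaults" line.
DEFAULT_SCHEMES = {"1": ("Z", "0"), "2": ("U", "0"), "3": ("T", "0")}
FIELDS = {
    "length": r"Enter Key length \[1,2,3\]:\s*(\S+)",
    "scheme": r"Enter Key Scheme:\s*(\S+)",
    "components": r"Enter number of components \[2-3\]:\s*(\S+)",
    "key": r"Encrypted key:\s*(.+)",
    "kcv": r"Key check value:\s*(\S+)",
}
# Constructed session log (made-up key and check value, PINs masked).
SAMPLE = """Online-AUTH> GS <Return>
Enter Key length [1,2,3]: 2 <Return>
Enter Key Type: 001 <Return>
Enter Key Scheme: U <Return>
Enter number of components [2-3]: 2 <Return>
Insert card 1 and enter PIN: **** <Return>
Make additional copies? [Y/N]: N <Return>
Insert card 2 and enter PIN: **** <Return>
Make additional copies? [Y/N]: N <Return>
Encrypted key: U 0123 4567 89AB CDEF 0123 4567 89AB CDEF
Key check value: 1A2B3C
"""

def audit_gs_session(log):
    """Return findings for one captured GS session; an empty list means consistent."""
    got = {k: re.search(p, log) for k, p in FIELDS.items()}
    missing = [f"missing field: {k}" for k, m in got.items() if m is None]
    if missing:
        return missing
    got = {k: re.sub(r"\s+", "", m.group(1)) for k, m in got.items()}
    if got["length"] not in KEY_SHAPES or got["components"] not in ("2", "3"):
        return ["key length or component count outside the allowed range"]
    findings = []
    if got["scheme"] not in DEFAULT_SCHEMES[got["length"]]:
        findings.append("non-default scheme for this key length: check Key Scheme Table")
    if not re.fullmatch(KEY_SHAPES[got["length"]], got["key"]):
        findings.append("encrypted key shape does not match key length")
    if not re.fullmatch(r"[0-9A-F]{6}", got["kcv"]):
        findings.append("key check value is not 6 hex characters")
    # Assumption: one numbered card prompt per component, numbered from 1.
    cards = sorted(set(re.findall(r"Insert card (\d+) and enter PIN", log)))
    if cards != [str(i) for i in range(1, int(got["components"]) + 1)]:
        findings.append(f"cards written {cards} do not match component count")
    return findings
```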