Import Key

Command: IK (Import Key). Can be used in online, offline or secure state.

Function:     To import a key from encryption under a ZMK to encryption under the LMK. If the imported key does not have odd parity, a warning is issued and odd parity is forced on the key before it is encrypted under the LMK.
Refer to the Key Type Table for key types and restrictions on import. The HSM must be in the Authorised state for some key types.

Inputs:        ZMK encrypted under LMK pair 04-05: 16 Hex or 32 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex.
Key Type: See Key Type Table
Key Scheme: Key scheme for encrypting key under LMK; see Key Scheme Table
(Defaults: Key Length 1, Key Scheme 0; Key Length 2, Key Scheme U; Key Length 3, Key Scheme T)
Key encrypted under the ZMK: 16 hex, 1 alpha + 32 hex or 1 alpha + 48 hex
ZMK variant: 1 or 2 digit, value 0-99 (or <Enter> to ignore). Used only when interworking with Atalla systems. Refer to the CS command. Note that this input is not requested when the ZMK variant support is set to off.

Outputs:     The key encrypted under appropriate LMK:
16 Hex or 1 Alpha + 32 Hex or 1 Alpha + 48 Hex.
If the key does not have odd parity, the parity is corrected and a warning is issued.
The key check value, formed by encrypting 64 binary zeros with the key and returning the left-most 24 bits: 6 hexadecimal characters.

Errors:        Command only allowed from authorised – the HSM is not in authorised state.

Must be in authorised state – the key type provided requires the HSM to be in authorised state.  See Key Type Table.

Data invalid; please re-enter: - the encrypted ZMK does not contain the correct characters, or the key check value does not contain 6 hexadecimal characters. Re-enter the correct number of hexadecimal characters.

Key parity error; re-enter key: - the parity of the ZMK is not odd.

Warning: key parity corrected - the parity of the key encrypted under the ZMK is not odd.

Invalid key scheme - the key scheme is invalid.  See Key Scheme Table.

Invalid key type; re-enter: - the key type is invalid.  See Key Type Table.

Invalid key type - the key type provided is not valid for key generation.  See Key Type Table.

Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.


Example:

Online-AUTH> IK <Return>

Enter Key type: 002 <Return>

Enter Key Scheme: U <Return>

Enter ZMK: U aaaa aaaa aaaa aaaa bbbb bbbb bbbb bbbb <Return>

(Enter ZMK variant: X <Return>, if enabled by CS command)

Enter key : X XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX <Return>

Encrypted key: U MMMM MMMM MMMM MMMM MMMM MMMM MMMM MMMM

Key check value: NNNNNN
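
The parity rule referred to under Function and Outputs, shown on clear test keys as an added example (not part of the original manual): each key byte must carry an odd number of 1 bits, and forcing odd parity flips the lowest bit of any byte that does not. The function names and both sample keys are constructed for illustration; the HSM itself applies this check internally after decrypting the key from under the ZMK.

```python
import string

def parse_key_field(field):
    """Split a console key field into (scheme letter or None, key bytes)."""
    text = "".join(field.split())           # console entries group hex in fours
    if len(text) in (33, 49) and text[0].isalpha():
        scheme, hexpart = text[0].upper(), text[1:]   # 1 alpha + 32 or 48 hex
    elif len(text) in (16, 32):
        scheme, hexpart = None, text                  # bare 16 or 32 hex
    else:
        raise ValueError("Data invalid: wrong number of characters")
    if any(c not in string.hexdigits for c in hexpart):
        raise ValueError("Data invalid: non-hexadecimal character")
    return scheme, bytes.fromhex(hexpart)

def has_odd_parity(byte):
    """True when the byte carries an odd number of 1 bits."""
    return bin(byte).count("1") % 2 == 1

def force_odd_parity(key):
    """Return (corrected key, indexes of the bytes that had to be changed)."""
    fixed, changed = bytearray(key), []
    for i, b in enumerate(key):
        if not has_odd_parity(b):
            fixed[i] = b ^ 0x01             # bit 0 of each DES key byte is the parity bit
            changed.append(i)
    return bytes(fixed), changed

def check_clear_key(field):
    """Return (scheme, corrected key as hex, True if the parity warning would apply)."""
    scheme, key = parse_key_field(field)
    fixed, changed = force_odd_parity(key)
    return scheme, fixed.hex().upper(), bool(changed)

# Constructed clear test keys (never real key material).
ODD_KEY = "U 0123 4567 89AB CDEF FEDC BA98 7654 3210"
EVEN_KEY = "U 0022 4466 88AA CCEE 0123 4567 89AB CDEF"

if __name__ == "__main__":
    for label, field in (("odd", ODD_KEY), ("even", EVEN_KEY)):
        scheme, fixed, warned = check_clear_key(field)
        print(label, scheme, fixed, "Warning: key parity corrected" if warned else "parity ok")
```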