The HSM provides a set of commands for key generation, key export and key import. An export command is one that translates a key from LMK encryption to encryption under a ZMK, for sending to another party. Import is the reverse, for receiving keys and translating to local storage. The Key Type Table controls ‘permitted actions’ for the console and host commands used to generate, import and export keys.
Errors are reported when an action breaks the rules imposed by the table. For example:
29 : Key function not permitted
The table below shows the actions that can be applied to each specific LMK pair.
|
Variant ð |
|
0 |
|
|
1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
| |
|
ò LMK ò |
G |
E |
I |
G |
E |
I |
G |
E |
I |
G |
E |
I |
G |
E |
I |
G |
E |
I |
G |
E |
I |
G |
E |
I |
G |
E |
I |
G |
E |
I | |
|
Pair |
Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
04 – 05 |
00 |
ZMK |
ZMK (Comp) |
KML |
|
|
|
|
|
|
|
||||||||||||||||||||
|
A |
|
|
U |
A |
U |
U |
A |
U |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
06 – 07 |
01 |
ZPK |
|
|
|
|
|
|
|
|
|
||||||||||||||||||||
|
U |
A |
U |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
14 – 15 |
02 |
PVK TPK TMK |
|
|
|
CSCK |
|
|
|
|
|
||||||||||||||||||||
|
U |
A |
U |
|
|
|
|
|
|
|
|
|
U |
A |
U |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
16 - 17 |
03 |
TAK |
|
|
|
|
|
|
|
|
|
||||||||||||||||||||
|
U |
A |
U |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
18 – 19 |
04 |
|
DTAB |
IPB |
|
|
|
|
|
|
|
||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
20 – 21 |
05 |
|
|
|
|
|
|
|
|
|
|
||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
22 – 23 |
06 |
WWK |
|
|
|
|
|
|
|
|
|
||||||||||||||||||||
|
U |
A |
U |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
24 – 25 |
07 |
|
|
|
|
|
|
|
|
|
|
||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
26 - 27 |
08 |
ZAK |
|
|
|
|
|
|
|
|
|
||||||||||||||||||||
|
U |
A |
U |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
28 – 29 |
09 |
BDK |
MK-AC |
MK-SMI |
MK-SMC |
MK-DAC |
MK-DN |
|
MK-CVC3 |
|
|
||||||||||||||||||||
|
U |
A |
U |
U |
A |
U |
U |
A |
U |
U |
A |
U |
U |
A |
U |
U |
A |
U |
|
|
|
U |
A |
U |
|
|
|
|
|
| ||
|
30 – 31 |
0A |
ZEK |
|
|
|
|
|
|
|
|
|
||||||||||||||||||||
|
U |
A |
U |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
32 – 33 |
0B |
DEC |
|
|
|
|
|
|
|
|
|
||||||||||||||||||||
|
U |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
34 – 35 |
0C |
RSA-SK |
HMAC |
|
|
|
|
|
|
|
|
||||||||||||||||||||
|
|
|
|
U |
A |
U |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
36 – 37 |
0D |
RSA-MAC |
|
|
|
|
|
|
|
|
|
||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
38 – 39 |
0E |
|
|
|
|
|
|
|
|
|
|
||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
Table of actions applied to each specific LMK pair and variant in generic HSM commands
G = Generate. E = Export. I = Import.
blank = Not allowed.
A = allowed in Authorised state.
U = allowed Unconditionally, i.e. without Authorised state.
Not all key type codes are available in all commands for security reasons.
The Key type code used within commands is formed by using the Variant code as the first character then the LMK pair code as the second character. For example the code for a ZPK is 001.