Command: Z (ZMK encrypt). Can be used in online, offline or secure state.
Function: To encrypt a clear text
component and display the result at the Console.
The HSM must be in the Authorised state.
Inputs: Clear text ZMK component: 16 or 32 hexadecimal characters.
Outputs: The ZMK component encrypted
under a variant of LMK pair 04-05: 16 or 32 hexadecimal characters.
Component check value; formed by encrypting 64 binary zeros with the component
and returning the left-most 24 bits: 6 hexadecimal characters.
Errors: Command only allowed from authorised – the HSM is not in authorised state.
Data invalid; please re-enter: - the input data does not contain 16 or 32 hexadecimal characters. Re-enter the correct number of hexadecimal characters.
Component parity error; re-enter component: - the entered component does not have odd parity on each byte. Ensure the component has odd parity and re-enter.
Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example:
Online-AUTH> Z <Return>
Enter ZMK Component: **************** <Return>
Encrypted ZMK Component: XXXX XXXX XXXX XXXX
Key check value: XXXX XXXX XXXX XXXX