Command: GZ (Generate ZMK). Can be used in online, offline or secure state.
Function: To generate a ZMK in 2
to 9 component and write the components to Smartcards.
The HSM must be in Authorised state
Inputs: Number of components, 1 numeric digit.
Outputs: ZMK encrypted under LMK
pair 04-05 : 16 or 32 hexadecimal characters.
ZMK Check value; formed by encrypting 64 binary zeros with the ZMK; 16
hexadecimal characters, if restrict KCV is enabled in the CS command the
output will be restricted to the 6 most significant digits with padding
zeros for the remainder.
Errors: Command only allowed from authorised – the HSM is not in authorised state.
Invalid PIN; re-enter: - the entered PIN is not 4 – 8 digits.
Smartcard error; command/return: 0003 – invalid PIN is entered.
Not a LMK card – card formatted for HSM storage or is a licence card.
Card not formatted – card is not formatted.
Warning - card not blank. Proceed? [Y/N]: - the smart card entered is not blank.
Overwrite ZMK component? [Y/N]: - a ZMK component already exists on the card.
Invalid entry – invalid number of components entered.
Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example:
Online-AUTH> GZ <Return>
Enter number of components [2-3]: 2<Return>
Insert card 1 and enter PIN: XXXX <Return>
Make additional copies? [Y/N]: N <Return>
Insert card 2 and enter PIN: XXXX <Return>
Make additional copies? [Y/N] N <Return>
Encrypted ZMK: XXXX XXXX XXXX XXXX
Key check value: XXXX XXXX XXXX XXXX