Command: IV (Import CVK or PVK). Can be used in online, offline or secure state.
Function: To import VISA PVK or
CVK from encryption under ZMK to encryption under LMK.
The HSM must be in the Authorised state.
Inputs: ZMK encrypted
under LMK pair 04-05: 16 or 32 hexadecimal characters.
Key type: C or P (for CVK or PVK respectively).
Key A and B encrypted under the ZMK: 16 hexadecimal characters.
ZMK variant: 1 or 2 digit, value 0-99 (or <Enter> to ignore). Used
only when interworking with Atalla systems. Refer to the CS command. Note
that this input is not requested when the ZMK variant support is set to
off.
Outputs: Key A and B encrypted under
LMK 14-15 or variant: 16 hexadecimal characters.
Key check value: 16 hexadecimal characters, if restrict KCV is enabled
in the CS command the output will be restricted to the 6 most significant
digits with padding zeros for the remainder.
Errors: Command only allowed from authorised – the HSM is not in authorised state.
Data invalid; please re-enter: - incorrect input data length or invalid ZMK variant.
Key parity error; re-enter: - the ZMK or key entered does not have odd parity.
Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example:
Online-AUTH> IV <Return>
Key type [Pvk/Cvk]: C <Return>
Enter ZMK: aaaa aaaa aaaa aaaa bbbb bbbb bbbb bbbb <Return>
(Enter ZMK variant: X <Return>, if enabled by CS command)
Enter key A: XXXXXXXXXXXXXXXX <Return>
Enter key B: YYYYYYYYYYYYYYYY <Return>
Key A under LMK: MMMM MMMM MMMM MMMM
Key check value: NNNN NNNN NNNN NNNN
Key B under LMK: MMMM MMMM MMMM MMMM
Key check value: NNNN NNNN NNNN NNNN