|
Command: |
Generate a key check value for one of the following: ZMK (single-length), ZPK, TMK, TPK, PVK, TAK |
|
Notes: |
The command can be used to verify a key received from another party. The HSM generates the value by encrypting 64 binary zeroes under the key. This command does not support the use of double-length ZMKs. |
|
Field |
Length & Type |
Details |
|
COMMAND MESSAGE |
||
|
Message header |
m A |
(Subsequently returned to the Host unchanged). |
|
Command code |
2 A |
Value KA. |
|
Encrypted key |
16H or 1A+32H |
One of the following: ZMK, ZPK, TMK, TPK, PVK or TAK encrypted under the relevant LMK pair. |
|
Key type code |
2 N |
The key type identifier: 00 : ZMK 01 : ZPK 02 : TMK, TPK or PVK 03 : TAK |
|
Delimiter |
1 A |
Optional. If present the following three fields must be present. Value “;”. If an option is not required by the command fill with a valid value or 0. |
|
Key scheme ZMK |
1 A |
Optional. Key scheme for encrypting key under ZMK. |
|
Key scheme LMK |
1 A |
Optional. Key scheme for encrypting key under LMK. |
|
Key check value type |
1 A |
Optional. Key check value calculation method 0 - KCV backwards compatible. 1 - KCV 6H. |
|
End message delimiter |
1 C |
Optional. Must be present if a message trailer is present. Value X’19. |
|
Message trailer |
n A |
Optional. Maximum length 32 characters. |
|
RESPONSE MESSAGE |
||
|
Message header |
n A |
Returned to the Host unchanged. |
|
Response code |
2 A |
Value KB. |
|
Error code |
2 N |
00 : No errors 10 : Encrypted key parity error 12 : No keys loaded in user storage 13 : LMK error; report to supervisor 15 : Error in input data 21 : Invalid user storage index |
|
Key check value |
16 H or 6 H |
The check value for the given key. Calculated by encrypting 64 binary zeroes under the key. 16H or 6H depends upon KCV type option. |
|
End message delimiter |
1 C |
Present only if present in the command message. Value X’19. |
|
Message trailer |
n A |
Present only if present in the command message. Maximum length 32 characters. |