Command: Generate two random keys and return them each encrypted under LMK pair 14-15 and under a ZMK.
|
Notes:
The copies encrypted under LMK pair 14-15 are for local use; the copies encrypted under the ZMK are used to send the keys to another party. The HSM must be in the Authorised state. If a 32-character (double-length) ZMK is required, the HSM must first be configured for double-length ZMKs using the CS (Configure Security) console command.
|
COMMAND MESSAGE

Field | Length & Type | Details
Message header | m A | Subsequently returned to the Host unchanged.
Command code | 2 A | Value FG.
ZMK | 16H or 32H or 1A+32H | ZMK encrypted under LMK pair 04-05.
Atalla variant | 1 N or 2 N | Optional. Atalla variant; for use in systems with Atalla equipment.
Delimiter | 1 A | Optional. Value ";". If present, the following three fields must all be present; an option the command does not require is filled with a valid value or 0.
Key scheme ZMK | 1 A | Optional. Key scheme for encrypting the key under the ZMK.
Key scheme LMK | 1 A | Optional. Key scheme for encrypting the key under the LMK.
Key check value type | 1 A | Optional. Key check value calculation method: 0 = KCV backwards compatible (not available for keys generated using the new key schemes); 1 = KCV 6H over the key (only available for keys generated under the new key schemes); 2 = KCV 6H for each key (only available for keys generated in backwards compatible mode).
End message delimiter | 1 C | Optional. Must be present if a message trailer is present. Value X'19'.
Message trailer | n A | Optional. Maximum length 32 characters.
|
RESPONSE MESSAGE

Field | Length & Type | Details
Message header | n A | Returned to the Host unchanged.
Response code | 2 A | Value FH.
Error code | 2 N | 00 = No errors; 10 = ZMK parity error; 12 = No keys loaded in user storage; 13 = LMK error, report to supervisor; 15 = Error in input data; 17 = Not in the Authorised state; 21 = Invalid user storage index.
First TMK, TPK or PVK under LMK | 32H or 1A+32H | New TMK, TPK or PVK; encrypted under LMK pair 14-15.
First TMK, TPK or PVK under ZMK | 32H or 1A+32H | New TMK, TPK or PVK; encrypted under the ZMK.

KCV Type = 0 or 2

Field | Length & Type | Details
First key check value | 16H or 6H | Result of encrypting 64 binary zeroes with the first half of the TMK, TPK or PVK. 16H if KCV type = 0; 6H if KCV type = 2.
Second key check value | 16H or 6H | Result of encrypting 64 binary zeroes with the second half of the TMK, TPK or PVK. 16H if KCV type = 0; 6H if KCV type = 2.

KCV Type = 1

Field | Length & Type | Details
Key check value | 6H | Result of encrypting 64 binary zeroes with the key.

End message delimiter | 1 C | Present only if present in the command message. Value X'19'.
Message trailer | n A | Present only if present in the command message. Maximum length 32 characters.