Translate a Base Derivation Key from *ZMK to LMK Encryption

Notes:

The command ignores the S/D (single/double length) parameter set by the CS (Configure Security) console command.

A key check value (KCV) is produced for the *BDK.

Command is fully backward compatible with the existing DW command in existing firmware

It has been extended to support Triple Length *BDK using Key Scheme T.

Field

Length & Type

Details

COMMAND MESSAGE

Message header

m A

(Subsequently returned to the Host unchanged).

Command code

2 A

Value DW.

*ZMK

32H or 1A+32H or 1A+48H

The *ZMK encrypted under LMK pair 04-05.

*BDK

32H or 1A+32H or 1A+48H

The *BDK encrypted under the *ZMK.

Atalla variant

1 N or 2 N

Optional. For use in networks that use a *ZMK variant.

Delimiter

1 A

Optional. If present the following three fields must be present.  Value “;”.

Key scheme ZMK

1 A

Optional. Key scheme for encrypting key under ZMK.

Key scheme LMK

1 A

Optional. Key scheme for encrypting key under LMK.

Key check value type

1 A

Optional. Key check value calculation method

0 = KCV backwards compatible (8H for this command).

1 = KCV 6H.

2 = KCV 8H.

End message delimiter

1 C

Present only if a message trailer is present. Value X’19.

Message trailer

n A

Optional. Maximum length 32 characters.

RESPONSE MESSAGE

Message header

n A

Returned to the Host unchanged.

Response code

2 A

Value DX.

Error code

2 N

00 : No errors

10 : *ZMK parity error

11 : *BDK parity error

12 : No keys loaded in user storage

15 : Error in input data

23 : Invalid PIN Block Format Code

27 : *BDK not double length

*BDK

32H or 1A+32H or 1A+48H

The *BDK encrypted under LMK pair 28-29.

Key check value

6H or 8H

Result of encrypting 64 binary zeros with the *BDK.

End message delimiter

1 C

Present only if present in the command message. Value X’19

Message trailer

n A

Present only if present in the command message. Maximum length 32 characters.