All the key management commands have extensions to enable the specification of the key scheme to use when encrypting a key. This also defines the key length to generate within key generation commands. For import and export of keys the key schemes must be consistent as far as length is concerned i.e. if a double length key is input the key scheme flag defining the output must also be for a double length key.
The extension consists of a delimiter “;” and three single character option fields. If the extension is used all fields must be provided. If the command does not use an option, “0” or any valid value can be entered in that field. The option will be ignored during processing.
The option fields are:
Key scheme for encrypting the output key under ZMK.
Key scheme for encrypting the output key under LMK.
Key check value type.
The valid values for these options are:
Key under ZMK - Z, U, T Z – Single Length, U – Double Length, T – Triple Length.
- X, Y Encryption under Transport Key
X – ANSI X9.17 Double Length
Y – ANSI X9.17 Triple Length
These follow key encryption schemes defined previously.
Key under LMK - Z, U, T Z – Single length, U – Double Length, T – Triple Length.
Key check value
- 0
Is backwards compatible and produces a 16 hex KCV
(except for DW & DY where an 8 hex KCV is returned).
- 1 Produces a 6 hexadecimal character KCV
- 2 Is for special cases and is defined where used.