Translate Data Block

Command:

Translate a block of data from encryption under one key to encryption under another key.

Notes:

Use of this command requires the optional Message Encryption licence. Error code 67 will be returned if a command is not licensed.

The data to be translated by this command may be presented to the HSM in different formats, as indicated by the Input Format Flag field.

The translated data block may be returned to the host in different formats, as indicated by the Output Format Flag field.

 

COMMAND MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message Header | m A | Will be returned to the Host unchanged. |
| Command Code | 2 A | Value “M4”. |
| Source Mode Flag | 2 N | 00 : ECB; 01 : CBC (requires IV); 02 : CFB8 (requires IV); 03 : CFB64 (requires IV) |
| Destination Mode Flag | 2 N | 00 : ECB; 01 : CBC (requires IV); 02 : CFB8 (requires IV); 03 : CFB64 (requires IV) |
| Input Format Flag | 1 N | 0 : Binary; 1 : Hex-Encoded Binary |
| Output Format Flag | 1 N | 0 : Binary; 1 : Hex-Encoded Binary |
| Source Key Type | 3 H | Type of Source (Decryption) Key. The following Key Types are permitted: 00A : ZEK; 00B : DEK |
| Source Key | 16 H or 1 A + 32 H or 1 A + 48 H | Source (Decryption) Key. Used (in conjunction with the Source IV if appropriate) to decrypt the supplied Message. |
| Destination Key Type | 3 H | Type of Destination (Encryption) Key. The following Key Types are permitted: 00A : ZEK; 00B : DEK |
| Destination Key | 16 H or 1 A + 32 H or 1 A + 48 H | Destination (Encryption) Key. Used (in conjunction with the Destination IV if appropriate) to re-encrypt the decrypted Message. |
| Source IV | 16 H | The source IV, to be used in conjunction with Source Key. When translating the first of a series of blocks, the initial Source IV should match the initial IV used to encrypt the original message. For subsequent blocks, this value should be the Source IV returned from translating the previous block. Only present if the Source Mode Flag is 01, 02 or 03. |
| Destination IV | 16 H | The input IV, to be used in conjunction with Destination Key. When translating the first of a series of blocks, the initial Destination IV should be set by the caller; a typical value is {00 00 00 00 00 00 00 00}. For subsequent blocks, this value should be the Destination IV returned from translating the previous block. Only present if the Destination Mode Flag is 01, 02 or 03. |
| Message Length | 4 H | The length of the following field, in bytes. This must be a multiple of 8 for binary formatted messages, or a multiple of 16 for hex-encoded binary messages. |
| Encrypted Message | n B or n H | The message to be translated. The length & type of the field will depend on the value of the Input Format Flag: n B when Input Format Flag = 0 (Binary), n = multiple of 8; n H when Input Format Flag = 1 (Hex-Encoded Binary), n = multiple of 16. |
| End Message Delimiter | 1 C | Optional. Must be present if a message trailer is present. Value X'19'. |
| Message Trailer | n A | Optional. Maximum length 32 characters. |
 

 


 

RESPONSE MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message Header | m A | Will be returned to the Host unchanged. |
| Response Code | 2 A | Value “M5”. |
| Error Code | 2 N | 00 : No error; 02 : Invalid Mode Flag field; 03 : Invalid Input Format Flag field; 04 : Invalid Output Format Flag field; 05 : Invalid Key Type field; 06 : Invalid Message Length field; 10 : Encryption Key Parity Error; 35 : Illegal Message Format. Any standard error code. |
| Source IV | 16 H | The output IV, calculated using the Source Key. When translating a series of blocks, this Source IV should be supplied as input when encrypting the next block. Only present if the Source Mode Flag is 01, 02 or 03. |
| End Message Delimiter | 1 C | Will only be present if present in the command message. Value X'19'. |
| Message Trailer | n A | Will only be present if present in the command message. Maximum length 32 characters. |

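The COMMAND MESSAGE layout above, assembled by a host-side builder that enforces the table's rules: an IV field is present only for mode flags 01 to 03, and Message Length is a multiple of 8 (binary) or 16 (hex-encoded). This is an added example, not vendor code; `build_m4`, the header `HDR1`, the keys and the ciphertext are constructed placeholders, and transport framing is left out because the page does not describe it.

```python
import re

KEY_RE = re.compile(r"(?:[0-9A-F]{16}|[0-9A-Z][0-9A-F]{32}|[0-9A-Z][0-9A-F]{48})\Z", re.I)
HEX16_RE = re.compile(r"[0-9A-F]{16}\Z", re.I)
MODES = {"00", "01", "02", "03"}   # ECB, CBC, CFB8, CFB64
KEY_TYPES = {"00A", "00B"}         # ZEK, DEK

def build_m4(header, src_mode, dst_mode, in_fmt, out_fmt, src_key_type, src_key,
             dst_key_type, dst_key, message, src_iv=None, dst_iv=None, trailer=None):
    """Return the M4 command as bytes, in the field order of the command table."""
    if src_mode not in MODES or dst_mode not in MODES:
        raise ValueError("mode flag must be 00, 01, 02 or 03")
    if in_fmt not in ("0", "1") or out_fmt not in ("0", "1"):
        raise ValueError("format flag must be 0 or 1")
    if src_key_type not in KEY_TYPES or dst_key_type not in KEY_TYPES:
        raise ValueError("key type must be 00A (ZEK) or 00B (DEK)")
    if not (KEY_RE.match(src_key) and KEY_RE.match(dst_key)):
        raise ValueError("key must be 16H, 1A+32H or 1A+48H")
    ivs = ""
    # An IV field is present exactly when its mode flag is 01, 02 or 03.
    for name, mode, iv in (("source", src_mode, src_iv), ("destination", dst_mode, dst_iv)):
        if mode == "00" and iv is not None:
            raise ValueError(name + " IV must be absent in ECB mode")
        if mode != "00":
            if iv is None or not HEX16_RE.match(iv):
                raise ValueError(name + " IV must be 16 hex characters")
            ivs += iv
    # Message Length counts the bytes of the field as sent: a multiple of 8
    # for binary input, a multiple of 16 for hex-encoded input.
    unit = 16 if in_fmt == "1" else 8
    if len(message) % unit or len(message) > 0xFFFF:
        raise ValueError("message length must be a multiple of %d" % unit)
    if in_fmt == "1" and not re.fullmatch(rb"[0-9A-Fa-f]+", message):
        raise ValueError("hex-encoded message contains non-hex characters")
    fixed = (header + "M4" + src_mode + dst_mode + in_fmt + out_fmt + src_key_type
             + src_key + dst_key_type + dst_key + ivs + "%04X" % len(message))
    out = fixed.encode("ascii") + message
    if trailer is not None:
        if len(trailer) > 32:
            raise ValueError("trailer is limited to 32 characters")
        out += b"\x19" + trailer.encode("ascii")  # delimiter X'19' precedes the trailer
    return out

# Constructed sample: placeholder keys and ciphertext, CBC source to ECB destination.
SAMPLE = build_m4("HDR1", "01", "00", "1", "1", "00B", "U" + "0123456789ABCDEF" * 2,
                  "00A", "U" + "FEDCBA9876543210" * 2, b"00112233445566778899AABBCCDDEEFF",
                  src_iv="0000000000000000")
```

When translating a series of blocks, the `src_iv` and `dst_iv` arguments for each following call are the IV values returned from translating the previous block, as the field descriptions state.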