Command: Generate an RSA key set.

Notes:
- This command requires the optional RSA licence; error code 67 is returned if the command is not licensed.
- Depending on key size, the function may take several minutes to execute.
- The HSM must be in the Authorised state.
- WARNING: Public keys generated by this command should not be MAC'd using the same LMK.
- If a Public Exponent is supplied in the command message, it must be an odd value (i.e. the least-significant bit must be 1). If an even Public Exponent is supplied, an error code is returned.
- See "Using the RSA cryptosystem" for details of where valid values of the common parameters can be found.

COMMAND MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message Header | m A | (Subsequently returned to the Host unchanged). |
| Command Code | 2 A | Value EI. |
| Key type | 1 N | Key type indicator:<br>0 : Signature only<br>1 : Key management only<br>2 : Both signature and key management |
| Key length | 4 N | Modulus length in bits. Minimum 0320, maximum 2048 for all key types. |
| Public key encoding | 2 N | Encoding rules for public key (must allow public key length to be inferred). |
| Public exponent length | 4 N | Optional. Must be present if a public exponent is supplied. Indicates the length (in bits) of the public exponent. |
| Public exponent | n B | Optional. Must be an odd value. If not supplied, a default exponent of 65537 is assumed. |
| End message delimiter | 1 C | Optional. Must be present if a message trailer is present. Value X’19. |
| Message trailer | n A | Optional. Maximum length 32 characters. |

RESPONSE MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message header | m A | Returned to the Host unchanged. |
| Response code | 2 A | Value EJ. |
| Error code | 2 N | 00 : No errors<br>03 : Invalid public key encoding type<br>04 : Length error<br>05 : Invalid key type<br>06 : Public exponent length error<br>08 : Supplied public exponent is even<br>13 : LMK error; report to supervisor<br>15 : Error in input data<br>17 : Not in Authorized state<br>47 : DSP error; report to supervisor |
| Public key | n B | Public key, encoded appropriately. |
| Secret key length | 4 N | Length (in bytes) of the next field. |
| Secret key | n B | Secret key, encrypted under LMK pair 34-35. |
| End message delimiter | 1 C | Present only if present in the command message. Value X’19. |
| Message trailer | n A | Present only if present in the command message. Maximum length 32 characters. |

Example
Command Request:
EI00450010017<010001>
Command Response:
EJ00<30400239***************************************************************
***************************************************0203010001>0160<*********
****************************************************************************
****************************************************************************
****************************************************************************
****************************************************************************
*******>
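
The field layout above, as an added example rather than vendor code: a Python encoder for the EI request that enforces the table's constraints before anything reaches the HSM, and a decoder for the EJ response that infers the public key length from its encoding. It assumes no message header or trailer, that the angle brackets in the page's example mark binary fields shown as hex, and that the public key is a DER SEQUENCE, as the leading 30 40 02 39 of the example response suggests; `build_ei` and `parse_ej` are hypothetical names.

```python
# Added example (not vendor code): host-side encoder/decoder for EI/EJ.
# Assumptions: no message header (m = 0); <...> in the page's example marks
# raw bytes shown as hex; the public key is a DER SEQUENCE as in that example.
ERRORS = {"00": "No errors", "03": "Invalid public key encoding type",
          "04": "Length error", "05": "Invalid key type",
          "06": "Public exponent length error",
          "08": "Supplied public exponent is even",
          "13": "LMK error; report to supervisor", "15": "Error in input data",
          "17": "Not in Authorized state", "47": "DSP error; report to supervisor"}


def build_ei(key_type, bits, encoding, exponent=None):
    """Build an EI command, rejecting inputs the field table rules out."""
    if key_type not in (0, 1, 2):
        raise ValueError("key type must be 0, 1 or 2")
    if not 320 <= bits <= 2048:
        raise ValueError("modulus length must be 0320..2048 bits")
    msg = b"EI" + b"%d%04d%02d" % (key_type, bits, encoding)
    if exponent is not None:
        if exponent <= 0 or exponent % 2 == 0:
            raise ValueError("public exponent must be odd")
        n = exponent.bit_length()  # the length field counts bits, not bytes
        msg += b"%04d" % n + exponent.to_bytes((n + 7) // 8, "big")
    return msg


def parse_ej(resp):
    """Split an EJ response; the DER header gives the public key length."""
    if resp[:2] != b"EJ":
        raise ValueError("not an EJ response")
    code = resp[2:4].decode("ascii")
    if code != "00":
        return {"error": code, "text": ERRORS.get(code, "unknown error code")}
    der = resp[4:]
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("public key is not a DER SEQUENCE")
    if der[1] < 0x80:  # short form: length held in one byte
        hdr, n = 2, der[1]
    else:  # long form: low 7 bits count the length bytes that follow
        k = der[1] & 0x7F
        hdr, n = 2 + k, int.from_bytes(der[2:2 + k], "big")
    end = hdr + n
    sk_len = int(der[end:end + 4])  # 4 N: secret key length in bytes
    secret = der[end + 4:end + 4 + sk_len]
    if len(secret) != sk_len:
        raise ValueError("truncated secret key field")
    return {"error": "00", "public_key": der[:end], "secret_key": secret,
            "rest": der[end + 4 + sk_len:]}
```

`build_ei(0, 450, 1, 65537)` reproduces the example request shown above; the secret key returned by `parse_ej` is still the LMK-encrypted blob and should be stored as opaque bytes.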