Load a Secret Key

Command:

Load a secret key (encrypted using LMK pair 34-35) into the HSM's tamper- protected memory.

Notes:

This command requires the optional RSA licence, error code 67 will be returned if the command is not licenced.

It is the responsibility of the Host  application to ensure that a previously-loaded secret key is not accidentally overwritten by this command.

See: Using the RSA cryptosystem for details of where valid values of the common parameters can be found.

Field

Length & Type

Details

COMMAND MESSAGE

Message header

m A

(Subsequently returned to the Host unchanged).

Command code

2 A

Value EK.

Key index

2 N

Index number for secret key to be stored (used if multiple storage of keys is required).

 HSM: can be 00 to 20.

Secret key length

4 N

Length (in bytes) of the next field.

Secret key

n B

Secret key, encrypted under LMK pair 34-35.

End message delimiter

1 C

Optional.  Must be present if a message trailer is present. Value X’19.

Message trailer

n A

Optional.  Maximum length 32 characters.

RESPONSE MESSAGE

Message header

m A

Returned to the Host unchanged.

Response code

2 A

Value EL.

Error code

2 N

00 : No error

03 : Invalid key index

04 : Insufficient memory for secret key storage

13 : LMK error; report to supervisor

15 : Error in input data

49 : Secret key error; report to supervisor

78 : Secret key length error

End message delimiter

1 C

Present only if present in the command message. Value X’19.