Translate a Secret Key from the Old LMK to a New LMK

Command:

This command requires the optional RSA licence, error code 67 will be returned if the command is not licenced.

Translate a secret key from encryption under the old LMK pair 34-35 held in key change storage, to encryption under a new LMK pair 34-35.

See: Using the RSA cryptosystem for details of where valid values of the common parameters can be found.

Field

Length & Type

Details

COMMAND MESSAGE

Message header

m A

(Subsequently returned to the Host unchanged).

Command code

2 A

Value EM.

Secret key length

4 N

Length (in bytes) of the next field.

Secret key

n B

Secret key, encrypted under LMK pair 34-35.

End message delimiter

1 C

Optional.  Must be present if a message trailer is present. Value X’19.

Message trailer

n A

Optional.  Maximum length 32 characters.

RESPONSE MESSAGE

Message header

m A

Returned to the Host unchanged.

Response code

2 A

Value EN.

Error code

2 N

00 : No error

13 : LMK error; report to supervisor

15 : Error in input data

49 : Secret key error; report to supervisor

78 : Secret key length error

Secret key length

4 N

Length (in bytes) of the next field.

Secret key

n B

Secret key, encrypted under new LMK pair 34-35.

End message delimiter

1 C

Present only if present in the command message. Value X’19.