IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
[Figure: flow diagram of the key-processing verbs. Verbs shown: Random_Number_Generate, Diversified_Key_Generate, Clear_Key_Import, Key_Part_Import, Symmetric_Key_Import, Symmetric_Key_Export, Symmetric_Key_Generate, Key_Generate, Key_Import, Key_Export, Key_Translate, Key_Record_Create, Key_Record_Delete, Key_Record_List, Key_Record_Read, Key_Record_Write. Boxes shown: Internal Key-Token, External Key-Token, RSA-enciphered key, Key Storage.]
Figure 5-8. Key-Processing Verbs
In addition to the utilities that are supplied with the hardware, you can use the
Key_Part_Import verb in an application program to load keys from individual key
parts.
Note that loading of key parts into the Coprocessor with the Master_Key_Process
and Key_Part_Import verbs or the CNM utility exposes the key parts to potential
copying by unauthorized processes. If you are concerned by this exposure, you
should randomly generate master keys within the Coprocessor, and/or you should
consider distribution of other keys using public key cryptographic techniques.
Generating Keys
A CCA cryptographic facility can generate [2] clear keys, key parts, and
multiply-enciphered keys or pairs of keys. These keys are generated as follows:
- To generate a clear key, use the odd-parity mode of the
  Random_Number_Generate verb.
- To generate a key part, use the odd-parity mode of the
  Random_Number_Generate verb for the first part, and use the even-parity
  mode for subsequent key parts. You can use a key part with the
  Key_Part_Import verb.
- A multiply-enciphered key or pair of keys. To generate a random,
  multiply-enciphered key, use the Key_Generate verb. The Key_Generate verb
  multiply-enciphers a random number using a control vector and either the
[2] Keys can also be “diversified” from key-generating keys; see “Diversifying Keys” on page 5-19.
5-16 IBM 4758 CCA Basic Services, Release 2.54, February 2005
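The parity rule for key parts under "Generating Keys", as an added example that is not IBM's code: it shows why the first part is odd parity and later parts even parity, and that two odd-parity parts would yield an even-parity key. It assumes the parts are combined by exclusive-OR and that the low-order bit of each byte is the parity bit; the helper names and sample bytes are constructed here, and the functions only stand in for the verb's parity modes rather than calling the Coprocessor.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KEY_LEN 8 /* single-length DES key; low-order bit of each byte is parity */

/* 1 if the byte contains an odd number of one bits, else 0. */
static int byte_is_odd(uint8_t b) {
    int ones = 0;
    for (; b; b >>= 1) ones += b & 1;
    return ones & 1;
}

/* Force every byte to odd (odd=1) or even (odd=0) parity by flipping its
   low-order bit: a local stand-in for the verb's two parity modes. */
void adjust_parity(uint8_t *buf, size_t n, int odd) {
    for (size_t i = 0; i < n; i++)
        if (byte_is_odd(buf[i]) != odd) buf[i] ^= 0x01;
}

/* 1 only if every byte of the buffer has odd parity (a valid DES key). */
int all_odd_parity(const uint8_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!byte_is_odd(buf[i])) return 0;
    return 1;
}

/* Combine nparts (1..3) constructed key parts by XOR (assumed combining rule).
   The first part is odd parity; later parts use parity mode later_odd.
   Returns 1 if the resulting key has odd parity in every byte. */
int combined_key_is_odd(int nparts, int later_odd) {
    uint8_t parts[3][KEY_LEN] = { /* constructed sample bytes, not real keys */
        {0x3a, 0x91, 0x5c, 0xe7, 0x08, 0xb4, 0x6d, 0xf2},
        {0xc5, 0x17, 0x80, 0x2e, 0x99, 0x43, 0xda, 0x6b},
        {0x71, 0xee, 0x04, 0xb8, 0x5f, 0x20, 0xa3, 0x1c}};
    uint8_t key[KEY_LEN] = {0};
    for (int p = 0; p < nparts && p < 3; p++) {
        adjust_parity(parts[p], KEY_LEN, p == 0 ? 1 : later_odd);
        for (size_t i = 0; i < KEY_LEN; i++) key[i] ^= parts[p][i];
    }
    return all_odd_parity(key, KEY_LEN);
}

int main(void) {
    printf("odd + even        -> odd-parity key: %d\n", combined_key_is_odd(2, 0));
    printf("odd + even + even -> odd-parity key: %d\n", combined_key_is_odd(3, 0));
    printf("odd + odd         -> odd-parity key: %d\n", combined_key_is_odd(2, 1));
    return 0;
}
```

Because the parity of an XOR is the XOR of the parities, any number of even-parity parts leaves the first part's odd parity intact.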