IBM 2 Computer Hardware User Manual


 
CCA Release 2.54 Data_Key_Import
Data_Key_Import (CSNBDKM)
Platform/Product    OS/2    AIX    Win NT/2000    OS/400
IBM 4758-2/23       X       X      X              X

The Data_Key_Import verb imports an encrypted, source DES single-length or
double-length DATA key and creates or updates a target internal key-token with the
master-key-enciphered source key. The verb can import the key into an internal
key-token in application storage or in key storage. This verb, which is authorized
with a different control point than used with the Key_Import verb, allows you to limit
the import operations to DATA keys as compared to the capabilities of the more
general verb.

Specify the following:

  source_key_token: An external key-token containing the source key to be imported. The external key-token must indicate that a control vector is present. However, the control vector is usually valued at zero. A double-length key that should result in a default DATA control vector must be specified in a version X'01' external key-token. Otherwise, both single-length and double-length keys are presented in a version X'00' key token.

    Alternatively, you can provide the encrypted DATA-key at offset 16 in an otherwise all X'00' key-token. The verb will process this token format as a DATA key encrypted by the IMPORTER key and a null (all zero) control vector.

  importer_key_identifier: An IMPORTER key-encrypting-key under which the source key is deciphered.

  target_key_identifier: An internal or null key-token. The internal key-token can be located in application storage or in key storage.

The verb builds the internal key-token as follows:

  Creates a default control-vector for a DATA key-type in the internal key-token, provided the control vector in the external key-token is zero. If the control vector is not zero, the verb copies the control vector from the external key-token into the internal key-token.

  Multiply-deciphers the key under the keys formed by the exclusive-OR of the key-encrypting key (identified in the importer_key_identifier) and the control vector in the external key-token, then multiply-enciphers the key under keys formed by the exclusive-OR of the symmetric master-key and the control vector in the internal key-token. The verb places the key in the internal key-token.

  Calculates a token-validation value and stores it in the internal key-token.

This verb does not adjust the parity of the source key.
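
The decipher-and-re-encipher step described above, modelled as an added Python example (not IBM code and not the CCA API). It shows that the control vector is bound to the key: a control vector altered in the external token imports a different key. Assumptions: a hash-based Feistel cipher stands in for DES so the block runs with only the standard library, the key is single-length, the importer and master keys are constructed 16-byte values, and DEFAULT_DATA_CV is a placeholder rather than the real CCA default.

```python
import hashlib

# Placeholder only: the page does not give the real default DATA control vector.
DEFAULT_DATA_CV = bytes.fromhex("DA7ADA7ADA7ADA7A")

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the stand-in cipher (NOT DES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc(key, blk):
    """Stand-in 64-bit block cipher: 4-round Feistel, encrypt."""
    l, r = blk[:4], blk[4:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec(key, blk):
    """Inverse of enc()."""
    l, r = blk[:4], blk[4:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def multi_enc(kek, cv, blk):
    """Encrypt-decrypt-encrypt under the two halves of kek, each XORed with cv."""
    kl, kr = _xor(kek[:8], cv), _xor(kek[8:], cv)
    return enc(kl, dec(kr, enc(kl, blk)))

def multi_dec(kek, cv, blk):
    """Inverse of multi_enc()."""
    kl, kr = _xor(kek[:8], cv), _xor(kek[8:], cv)
    return dec(kl, enc(kr, dec(kl, blk)))

def data_key_import(ext_key, ext_cv, importer, master):
    """Model of the import: returns (master-key-enciphered key, internal CV)."""
    # Zero external CV -> default DATA CV; otherwise the external CV is copied.
    int_cv = DEFAULT_DATA_CV if ext_cv == bytes(8) else ext_cv
    clear = multi_dec(importer, ext_cv, ext_key)  # no parity adjustment applied
    return multi_enc(master, int_cv, clear), int_cv

if __name__ == "__main__":
    importer, master = bytes(range(16)), bytes(range(16, 32))  # constructed keys
    clear = bytes.fromhex("0123456789abcdef")                  # constructed DATA key
    wrapped = multi_enc(importer, bytes(8), clear)             # exported with a zero CV
    tok, cv = data_key_import(wrapped, bytes(8), importer, master)
    print("round trip ok:", multi_dec(master, cv, tok) == clear)
    # A CV altered in the external token yields a different key, not the original.
    tok2, cv2 = data_key_import(wrapped, bytes.fromhex("0000000000000100"), importer, master)
    print("tampered CV gives same key:", multi_dec(master, cv2, tok2) == clear)
```
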
Chapter 5. DES Key-Management 5-33