Support User Manuals

IBM 2 Computer Hardware User Manual

Open as PDF

of 508

CCA Release 2.54 Data_Key_Import

Data_Key_Import (CSNBDKM)

Platform/

Product

OS/2 AIX Win NT/

2000

OS/400

IBM 4758-2/23 X X X X

The Data_Key_Import verb imports an encrypted, source DES single-length or

double-length DATA key and creates or updates a target internal key-token with the

master-key-enciphered source key. The verb can import the key into an internal

key-token in application storage or in key storage. This verb, which is authorized

with a different control point than used with the Key_Import verb, allows you to limit

the import operations to DATA keys as compared to the capabilities of the more

general verb.

Specify the following:

source_key_token: An external key-token containing the source key to be imported.

The external key-token must indicate that a control vector is present. However,

the control vector is usually valued at zero. A double-length key that should

result in a default DATA control vector must be specified in a version X'01'

external key-token. Otherwise, both single-length and double-length keys are

presented in a version X'00' key token.

Alternatively, you can provide the encrypted DATA-key at offset 16 in an

otherwise all X'00' key-token. The verb will process this token format as a

DATA key encrypted by the IMPORTER key and a null (all zero) control vector.

importer_key_identifier: An IMPORTER key-encrypting-key under which the source

key is deciphered.

target_key_identifier: An internal or null key-token. The internal key-token can be

located in application storage or in key storage.

The verb builds the internal key-token as follows:

 Creates a default control-vector for a DATA key-type in the internal key-token,

provided the control vector in the external key-token is zero. If the control

vector is not zero, the verb copies the control vector from the external

key-token into the internal key-token.

 Multiply-deciphers the key under the keys formed by the exclusive-OR of the

key-encrypting key (identified in the importer_key_identifier) and the control

vector in the external key-token, then multiply-enciphers the key under keys

formed by the exclusive-OR of the symmetric master-key and the control vector

in the internal key-token. The verb places the key in the internal key-token.

 Calculates a token-validation value and stores it in the internal key-token.

This verb does not adjust the parity of the source key.

Chapter 5. DES Key-Management 5-33

previous next