Support User Manuals

IBM 2 Computer Hardware User Manual

Open as PDF

of 508

CCA Release 2.54 Key_Import

Key_Import (CSNBKIM)

Platform/

Product

OS/2 AIX Win NT/

2000

OS/400

IBM 4758-2/23 X X X X

The Key_Import verb imports a source DES key enciphered by the IMPORTER

key-encrypting-key into a target internal key-token. The imported target-key is

returned enciphered using the symmetric master-key.

Specify the following:

Key_type

A keyword for the key type. Use of the TOKEN keyword is the preferred coding

style. For compatibility with older systems, however, you can explicitly name a

key type, in which case the key type must match the key type encoded in the

control vector of the source key-token.

source_key_token

An external key-token or an encrypted external key to be imported. When you

import an enciphered key that is not in an external key-token, the key must be

located at offset 16 (X'10') of a null key-token. (The first byte of a null

key-token is X'00'.)

importer_key_identifier

An IMPORTER key-encrypting-key under which the target key is deciphered.

target_key_identifier

An internal or null key-token, or the key label of an internal or null key-token

record in key storage.

The verb builds or updates the target key-token as follows:

 If the source key is not in an external key-token,

– You must specify an explicit key type (not TOKEN).

– The default CV for the key type is used when decrypting the source key.

– The default CV for the key type is used when encrypting the target key.

– The target key-token must either be null or must contain valid,

non-conflicting information.

The key token is returned to the application or key storage with the imported

key.

 If the source key is in an external key-token:

– When an explicit key type keyword other than TOKEN is used, it must be

consistent with the key type encoded in the source-key control vector.

– The control vector in the source key-token is used in decrypting the source

key.

– The control vector in the source key-token is used in encrypting the source

key under the master key. Note that a source key having the default

external DATA control vector (8 or 16 bytes of X'00') will result in a target

key with the default internal DATA control vector.

The key token is returned to the application or key storage with the imported

key.

Chapter 5. DES Key-Management 5-51

previous next