Key_Import CCA Release 2.54
Restrictions
Starting with Release 2.41, unless you enable the Unrestrict Reencipher to Master
Key command (offset X'027B'), an IMPORTER key-encrypting-key having equal
key-halves is not permitted to import a key having unequal key-halves. Note that
key parity bits are ignored.
Format
CSNBKIM
    return_code               Output     Integer
    reason_code               Output     Integer
    exit_data_length          In/Output  Integer
    exit_data                 In/Output  String   exit_data_length bytes
    key_type                  Input      String   8 bytes
    source_key_token          Input      String   64 bytes
    importer_key_identifier   Input      String   64 bytes
    target_key_identifier     In/Output  String   64 bytes
Parameters
For the definitions of the return_code, reason_code, exit_data_length, and exit_data
parameters, see “Parameters Common to All Verbs” on page 1-11.
key_type
The key_type parameter is a pointer to a string variable containing an
eight-byte keyword, left-justified and padded on the right with space characters,
specifying the key type of the key to be imported. In general, you should use
the TOKEN keyword.
CIPHER
DATA
DECIPHER
ENCIPHER
EXPORTER
IKEYXLAT
IMPORTER
IPINENC
MAC
MACVER
OKEYXLAT
OPINENC
PINGEN
PINVER
TOKEN
source_key_token
The source_key_token parameter is a pointer to a string variable containing the
source DES key-token. Ordinarily the source key-token is an external DES
key-token (the first byte of the key-token data structure contains X'02').
However, if the first byte of the token is X'00', then the encrypted source-key
is taken from the data at offset 16 (X'10') in the source key-token structure.
importer_key_identifier
The importer_key_identifier parameter is a pointer to a string variable
containing the key-token or key label for the IMPORTER (transport)
key-encrypting-key.
target_key_identifier
The target_key_identifier parameter is a pointer to a string variable containing
the target key-token or key label of a key-token record.
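The following host-side pre-flight checks are an added example, not code from the IBM manual or the CCA API. They cover the key_type field layout, the first-byte test on source_key_token, and the equal key-halves comparison from the Restrictions section with parity bits ignored. All function names are hypothetical, and the key-halves check assumes clear key material is available (for example at a key ceremony or in a test fixture); the sample key is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; none of these are CCA verbs. */

/* Fill the 8-byte key_type field: keyword left-justified, padded on the
   right with spaces, no NUL terminator. Returns 0, or -1 if it cannot fit. */
int make_key_type(const char *keyword, unsigned char out[8])
{
    size_t n = strlen(keyword);
    if (n == 0 || n > 8) return -1;
    memset(out, ' ', 8);
    memcpy(out, keyword, n);
    return 0;
}

/* Classify a 64-byte source_key_token by its first byte.
   2  = external DES key-token (X'02')
   0  = X'00' form: encrypted source key is taken from offset 16 (X'10')
   -1 = a first byte this page does not describe; flag it before the call */
int source_token_form(const unsigned char token[64])
{
    if (token[0] == 0x02) return 2;
    if (token[0] == 0x00) return 0;
    return -1;
}

/* Compare the two 8-byte halves of a clear double-length DES key while
   ignoring the parity bit (low-order bit of every byte). Returns 1 if the
   halves are equal in all 56 effective key bits, otherwise 0. */
int halves_equal_ignoring_parity(const unsigned char key[16])
{
    unsigned char diff = 0;
    for (int i = 0; i < 8; i++)
        diff |= (unsigned char)((key[i] ^ key[i + 8]) & 0xFE);
    return diff == 0;
}

int main(void)
{
    /* Constructed sample: the halves differ only in their parity bits. */
    unsigned char k[16] = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
                           0x00,0x22,0x44,0x66,0x88,0xAA,0xCC,0xEE};
    unsigned char kt[8];
    make_key_type("TOKEN", kt);
    printf("key_type=[%.8s] equal_halves=%d\n", (const char *)kt,
           halves_equal_ignoring_parity(k));
    return 0;
}
```

A byte-for-byte memcmp of the two halves would report the sample key as having unequal halves, which is not how the restriction treats it.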
Required Commands
The Key_Import verb requires the Reencipher to Master Key command (offset
X'0012') to be enabled in the active role.
By also enabling the Unrestrict Reencipher To Master Key command (offset
X'027B'), you can permit a less secure mode of operation that enables an equal
5-52 IBM 4758 CCA Basic Services, Release 2.54, February 2005