CCA Release 2.54
PKA_Key_Token_Change verbs). Whenever a working key is encrypted for local
use, it is encrypted using the current master-key.
Symmetric and Asymmetric Master-Keys
The CCA Version 2 implementation incorporates a second set of master-key
registers. One register set is used to encrypt DES (symmetric) working-keys. The
second register set is used to encrypt PKA (asymmetric) private working-keys. The
verbs that operate on the master keys permit you to specify a register set (with
keywords SYM-MK and ASYM-MK). If your applications that modify the
master-key registers never explicitly select a register set, the master keys in the
two register sets are modified in the same way and will contain the same keys.
However, if at any time you modify only one of the register sets, your applications
will thereafter need to manage the two register sets independently.
The Cryptographic Node Management (CNM) utility contains no logic to select a
specific register set, so using CNM results in operation as though there were
only a single set of registers. Note that if another program modifies a register
in only one of the register sets, the CNM utility can no longer be used to update
the master keys.
For consistency with the S/390 CCA implementation, you can use a symmetric master
key that is effectively double length (master keys are normally triple length,
that is, three 8-byte DES key portions). To accomplish this, use the same key
value for the first and third 8-byte portions of the key.
Establishing Master Keys
Master keys are established in one of three ways:
1. From clear key parts (components)
2. Through random generation internal to the Coprocessor
3. Cloning (copying encrypted shares).
Establishing a master key from clear information. Individual “key-parts”
(components) are supplied as clear information and are exclusive-ORed within
the cryptographic engine. When the parts are random-valued, knowledge of any
proper subset of them (for example, all parts but one) gives no information
about the final key.
A common technique is to record the values of the parts (typically on paper or
diskette) and independently store these values in locked safes. When the
master key is to be instantiated in a cryptographic engine, individuals who are
trusted to not share the key-part information retrieve the parts and enter the
information into the cryptographic engine. The Master_Key_Process verb
supports this operation.
Entering the first part and entering subsequent parts are authorized by two
different control points, so that the cryptographic engine (the Coprocessor)
can enforce that two different roles, and thus two different profiles, are
activated to install the master-key parts. Of course, this requires that roles
exist that enforce this separation of responsibility: a single role that holds
both control points defeats it. Setting the master key is a separate command
with its own control point. You can therefore set up the access-control system
to require the participation of at least three individuals or three groups of
individuals.
You can check the contents of any of the master-key registers, and the key parts
as they are entered into the new master-key register, using the Key_Test verb.
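The procedure above (first part, subsequent parts, set), the SYM-MK/ASYM-MK
register sets, the effective double-length check and the Key_Test check, as an
added Python example. This is not code from the IBM manual or the CCA API: the
control-point names, the role names, the Engine class and the verification
pattern (a truncated SHA-256 standing in for the real Key_Test algorithm) are
assumptions of this example; only the exclusive-OR combination of parts and
the K1 == K3 test follow the text directly. It also goes slightly beyond the
text by showing what happens when a program updates only one register set.

```python
# Added example (our own code, not from the IBM manual): installing a master key
# from clear key parts under the three control points the text describes, with the
# SYM-MK/ASYM-MK register sets and a Key_Test-style check. Control-point and role
# names and the verification pattern are our labels, not CCA identifiers or algorithms.
import hashlib
import os

CP_FIRST_PART = "MK-FIRST-PART"      # hypothetical label: enter first part
CP_ADDITIONAL_PART = "MK-ADD-PART"   # hypothetical label: enter later parts
CP_SET = "MK-SET"                    # hypothetical label: set master key
REGISTER_SETS = ("SYM-MK", "ASYM-MK")
MK_LEN = 24                          # triple-length DES master key


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_into_parts(master_key: bytes, n: int) -> list:
    """Split a clear key into n parts whose XOR is the key. The first n-1 parts
    are uniformly random, so any n-1 of the parts reveal nothing about the key."""
    parts = [os.urandom(len(master_key)) for _ in range(n - 1)]
    last = master_key
    for p in parts:
        last = xor_bytes(last, p)
    return parts + [last]


def is_effective_double_length(mk: bytes) -> bool:
    """True when the first and third 8-byte portions are equal (K1 == K3)."""
    return len(mk) == MK_LEN and mk[:8] == mk[16:]


def verification_pattern(key: bytes) -> str:
    """Stand-in for a Key_Test verification pattern (not the CCA algorithm):
    a truncated hash lets an operator confirm a value without revealing it."""
    return hashlib.sha256(b"added-example-kvp:" + key).hexdigest()[:16]


class AccessDenied(Exception):
    pass


class Engine:
    """NEW and CURRENT master-key registers per register set; each master-key
    command is gated by the control points held by the calling role."""

    def __init__(self, roles: dict):
        self.roles = roles  # role name -> set of control points it holds
        self.new = {s: None for s in REGISTER_SETS}
        self.current = {s: None for s in REGISTER_SETS}

    def authorized(self, role: str, control_point: str) -> bool:
        return control_point in self.roles.get(role, set())

    def _authorize(self, role: str, control_point: str) -> None:
        if not self.authorized(role, control_point):
            raise AccessDenied(f"role {role!r} lacks control point {control_point}")

    def enter_part(self, role, part, first, reg_sets=REGISTER_SETS):
        """Master_Key_Process-style entry: first and subsequent parts need
        different control points; parts are XORed inside the engine."""
        self._authorize(role, CP_FIRST_PART if first else CP_ADDITIONAL_PART)
        if len(part) != MK_LEN:
            raise ValueError("key part must be triple length")
        for s in reg_sets:
            if first and self.new[s] is not None:
                raise RuntimeError(f"{s}: new register already holds parts")
            if not first and self.new[s] is None:
                raise RuntimeError(f"{s}: first part has not been entered")
            self.new[s] = part if first else xor_bytes(self.new[s], part)

    def set_master_key(self, role, reg_sets=REGISTER_SETS):
        """Promote NEW to CURRENT under a third, separate control point."""
        self._authorize(role, CP_SET)
        for s in reg_sets:
            if self.new[s] is None:
                raise RuntimeError(f"{s}: no new master key to set")
            self.current[s], self.new[s] = self.new[s], None

    def key_test(self, register, reg_set="SYM-MK"):
        """Key_Test-style check: a register's verification pattern, never the
        key itself; None when the register is empty."""
        value = {"NEW": self.new, "CURRENT": self.current}[register][reg_set]
        return None if value is None else verification_pattern(value)


def run_ceremony(master_key: bytes) -> dict:
    """Three-person ceremony: two part holders with different roles, then an
    administrator who sets the key; a refused wrong-role attempt is recorded."""
    eng = Engine({"mk-officer-1": {CP_FIRST_PART},
                  "mk-officer-2": {CP_ADDITIONAL_PART},
                  "security-admin": {CP_SET}})
    p1, p2 = split_into_parts(master_key, 2)
    eng.enter_part("mk-officer-1", p1, first=True)
    vp_first = eng.key_test("NEW")          # operator verifies the entered part
    eng.enter_part("mk-officer-2", p2, first=False)
    try:
        eng.set_master_key("mk-officer-2")  # a part holder cannot set the key
        refused = False
    except AccessDenied:
        refused = True
    eng.set_master_key("security-admin")
    return {"set_refused_for_part_holder": refused, "vp_first_part": vp_first,
            "vp_current": eng.key_test("CURRENT"), "engine": eng}
```

Because `enter_part` and `set_master_key` apply to both register sets unless a
caller names one, the engine behaves as the text describes: applications that
never select a register set keep SYM-MK and ASYM-MK identical, while one update
with `reg_sets=("SYM-MK",)` makes the two CURRENT registers diverge and every
later caller must manage them separately.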
Chapter 2. CCA Node-Management and Access-Control 2-13