CCA Release 2.54
The verb performs a one-way function on the key-of-interest, the result of which
is either returned or compared to a known correct result.
Establishing a master key from an internally generated random value. The
Master_Key_Process verb can be used to randomly generate a new master-key
within the cryptographic engine. The value of the new master-key is not
available outside of the cryptographic engine.
This method, which is a separately authorized command invoked through use of
the Master_Key_Process verb, ensures that no one has access to the value of
the master key. Random generation of a master key is useful when the shares
technique described next is used, and when keys shared with other nodes are
distributed using public key techniques or when DES transport keys are
established between nodes. In these cases, there is no need to re-establish a
master key with the same value.
“Cloning” a master key from one cryptographic engine to another
cryptographic engine. In certain high-security applications, it is desirable to
copy a master key from one cryptographic engine to another without exposing
the value of the master key. The IBM 4758 CCA implementation supports
cloning the master key through a process of splitting the master key into n
shares, of which m shares, 1 ≤ m ≤ n ≤ 15, are required to reconstitute the master
key in another engine. The term “cloning” is used rather than “copying” because
no single share, and no combination of fewer than m shares, provides enough
information to reconstitute the master key.
This secure master-key cloning process is supported by the Cryptographic Node
Management (CNM) utility. See Chapter 5 and Appendix F of the IBM 4758 PCI
Cryptographic Coprocessor CCA Support Program Installation Manual. That
utility can hold the certificates and shares in a database that you can transport
on diskette between the various nodes:
The certifying node public-key certificate
The Coprocessor (master key) Share-Source node public-key certificate
The Coprocessor (master key) Share-Receiving node public-key certificate
The master-key shares.
You establish the 'm' and 'n' values through the use of the
Cryptographic_Facility_Control verb.
Shares of the current master-key are obtained using the Obtain mode of the
Master_Key_Distribution verb. The Receive mode of the
Master_Key_Distribution verb is used to enter an individual share into the
receiving (target) cryptographic-engine. When sufficient shares have been
entered, the verb returns status (return code 4, reason code 1024) that indicates
the cloned master-key is now complete within the new master-key register of the
target cryptographic-engine.
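The m-of-n split and the Obtain/Receive sequence above, as an added example that is not part of this manual or of the IBM CCA code: Shamir secret sharing over a prime field, with a Receiver that reports completion once m distinct shares have been entered, the way the Receive mode does. Assumptions: the 4758's actual share encoding and internal arithmetic are not described on this page, so the field, the share format, the Split/Combine/Receiver names and the constructed 24-byte key are all illustrative.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Field prime 2^255 - 19, larger than any 168-bit triple-length DES key. Assumption: this
// page does not describe the 4758's share encoding; Shamir sharing over a prime field stands in.
var prime, _ = new(big.Int).SetString(
	"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed", 16)

// Share is one piece handed out by the Obtain mode: an x coordinate and f(x).
type Share struct {
	X int
	Y *big.Int
}

// Split hides secret as the constant term of a random degree m-1 polynomial and evaluates
// it at x = 1..n, enforcing the manual's 1 <= m <= n <= 15 bound.
func Split(secret []byte, m, n int) ([]Share, error) {
	s := new(big.Int).SetBytes(secret)
	if m < 1 || m > n || n > 15 || s.Cmp(prime) >= 0 {
		return nil, errors.New("need 1 <= m <= n <= 15 and a secret below the field prime")
	}
	coeffs := []*big.Int{s}
	for i := 1; i < m; i++ {
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coeffs = append(coeffs, c)
	}
	shares := make([]Share, n)
	for i := range shares {
		x, y := big.NewInt(int64(i+1)), new(big.Int)
		for j := len(coeffs) - 1; j >= 0; j-- { // Horner evaluation mod prime
			y.Mul(y, x).Add(y, coeffs[j]).Mod(y, prime)
		}
		shares[i] = Share{X: i + 1, Y: y}
	}
	return shares, nil
}

// Combine interpolates f(0) from the shares given (Lagrange over the prime field). With fewer
// than m shares the result is a random field element, which almost always fails the length
// check below; the caller still has to know m, the scheme itself does not reveal it.
func Combine(shares []Share, keyLen int) ([]byte, error) {
	secret := new(big.Int)
	for i, si := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		for j, sj := range shares {
			if i != j {
				num.Mul(num, big.NewInt(int64(-sj.X))).Mod(num, prime)
				den.Mul(den, big.NewInt(int64(si.X-sj.X))).Mod(den, prime)
			}
		}
		term := new(big.Int).ModInverse(den, prime)
		term.Mul(term, num).Mod(term, prime).Mul(term, si.Y).Mod(term, prime)
		secret.Add(secret, term).Mod(secret, prime)
	}
	if secret.BitLen() > 8*keyLen {
		return nil, errors.New("interpolated value does not fit the key: too few or mismatched shares")
	}
	return secret.FillBytes(make([]byte, keyLen)), nil
}

// Receiver models the Receive mode of Master_Key_Distribution on the target engine: shares are
// entered one call at a time and the new-master-key register is reported complete (the manual's
// return code 4, reason code 1024) once m distinct shares are present. Duplicates are ignored.
type Receiver struct {
	M      int
	shares []Share
}

func (r *Receiver) Receive(s Share) (complete bool) {
	for _, have := range r.shares {
		if have.X == s.X {
			return len(r.shares) >= r.M
		}
	}
	r.shares = append(r.shares, s)
	return len(r.shares) >= r.M
}

// Key reconstitutes the cloned master key, or fails while shares are still missing.
func (r *Receiver) Key(keyLen int) ([]byte, error) {
	if len(r.shares) < r.M {
		return nil, fmt.Errorf("only %d of %d shares entered", len(r.shares), r.M)
	}
	return Combine(r.shares[:r.M], keyLen)
}

func main() {
	master := []byte("constructed 24-byte key!") // stands in for a value that never leaves the engine
	shares, _ := Split(master, 3, 5)              // m = 3 of n = 5
	r := &Receiver{M: 3}
	for _, s := range []Share{shares[4], shares[0], shares[2]} {
		fmt.Printf("share %d entered, complete=%v\n", s.X, r.Receive(s))
	}
	key, err := r.Key(len(master))
	fmt.Println(string(key) == string(master), err)
}
```

Running it shows complete=true only on the third distinct share. The length check in Combine is a sanity check, not a security property: any set of fewer than m shares is consistent with every possible key, because the remaining coefficients are uniformly random, which is exactly why the manual can call this cloning rather than copying.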
The master-key shares are signed by the source engine. Each signed share is
then triple-encrypted by a fresh triple-length DES key, the share-encrypting key.
A certified public-key from the target cryptographic-engine is validated, and the
share-encrypting key is wrapped (encrypted) using the public key from the
certificate.
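The per-share transport described above, carried through to the target side that the next paragraph begins, as an added example that is not code from this manual or from IBM: the source engine signs a share, encrypts it under a fresh triple-length DES key, and wraps that key to the target's public key; the target unwraps with a private key it never exports and verifies the signature before accepting the share. Assumptions: RSA-OAEP for the wrap, PKCS#1 v1.5 signatures, 3DES in CTR mode, and the Engine/ObtainShare/ReceiveShare names are choices of this example; the formats and algorithms the 4758 actually uses are not given on this page, and validation of the target's certificate against the certifying node's key is taken as already done.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Engine stands in for one cryptographic engine. Its private key is "retained": it lives only
// inside the struct and no method ever returns it. Illustration only, not the 4758's object model.
type Engine struct{ retained *rsa.PrivateKey }

func NewEngine() (*Engine, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Engine{retained: k}, nil
}

// Public is what the engine's certificate would carry; validating that certificate against the
// certifying node's key happens before any of this and is assumed already done.
func (e *Engine) Public() *rsa.PublicKey { return &e.retained.PublicKey }

// WrappedShare is what the share-source hands over for one share.
type WrappedShare struct {
	Ciphertext []byte // share || signature, 3DES-CTR under the share-encrypting key (mode assumed)
	IV         []byte
	WrappedKey []byte // share-encrypting key, RSA-OAEP encrypted to the target's public key
}

// ObtainShare is the Obtain-mode side: sign the share, encrypt it under a fresh triple-length
// DES key, and wrap that key so only the holder of the target's retained key can unwrap it.
func (src *Engine) ObtainShare(share []byte, target *rsa.PublicKey) (*WrappedShare, error) {
	digest := sha256.Sum256(share)
	sig, err := rsa.SignPKCS1v15(rand.Reader, src.retained, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	sek, iv := make([]byte, 24), make([]byte, des.BlockSize) // fresh for every share
	for _, b := range [][]byte{sek, iv} {
		if _, err := rand.Read(b); err != nil {
			return nil, err
		}
	}
	block, err := des.NewTripleDESCipher(sek)
	if err != nil {
		return nil, err
	}
	plain := append(append([]byte{}, share...), sig...)
	ct := make([]byte, len(plain))
	cipher.NewCTR(block, iv).XORKeyStream(ct, plain)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, target, sek, nil)
	if err != nil {
		return nil, err
	}
	return &WrappedShare{Ciphertext: ct, IV: iv, WrappedKey: wrapped}, nil
}

// ReceiveShare is the Receive-mode side: unwrap with the retained private key, decrypt, and
// verify the source engine's signature before the share is accepted.
func (dst *Engine) ReceiveShare(w *WrappedShare, source *rsa.PublicKey) ([]byte, error) {
	sek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, dst.retained, w.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap share-encrypting key: %w", err)
	}
	block, err := des.NewTripleDESCipher(sek)
	if err != nil || len(w.IV) != des.BlockSize || len(w.Ciphertext) < source.Size() {
		return nil, errors.New("malformed share")
	}
	signed := make([]byte, len(w.Ciphertext))
	cipher.NewCTR(block, w.IV).XORKeyStream(signed, w.Ciphertext)
	cut := len(signed) - source.Size()
	share, sig := signed[:cut], signed[cut:]
	digest := sha256.Sum256(share)
	if err := rsa.VerifyPKCS1v15(source, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("share signature: %w", err) // tampering or wrong source engine
	}
	return share, nil
}

func main() {
	source, _ := NewEngine()
	target, _ := NewEngine()
	share := []byte("constructed share 3 of 5") // stands in for one share from Obtain mode
	w, _ := source.ObtainShare(share, target.Public())
	got, err := target.ReceiveShare(w, source.Public())
	fmt.Println(bytes.Equal(got, share), err)
}
```

Two properties are worth checking by hand: an engine other than the intended target fails at the unwrap step, because the share-encrypting key was wrapped to a public key whose private half it does not hold, and any change to the ciphertext, or a share signed by some other engine, fails at signature verification. The share-encrypting key being fresh per share means compromise of one transported share never exposes another.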
At the target cryptographic-engine, an encrypted share and the wrapped
share-encrypting key are presented to the engine. The private key to unwrap
the share-encrypting key must exist within the cryptographic engine as a
“retained key” (a private key that never leaves the engine). This private key
2-14 IBM 4758 CCA Basic Services, Release 2.54, February 2005