CCA Release 2.54
must also have been marked as suitable for operation with the
Master_Key_Distribution verb when it was generated.
When receiving a share, you must also supply the share-signing key in a
certificate to the Master_Key_Distribution verb. The engine validates the
certificate, and uses the validated public key to validate the individual master-key
share.
The certificates used to validate the share-signing public key and the
target-engine public key (the key used to wrap the share-encrypting key) are
themselves validated by the cryptographic engines using a retained public key. A
retained public key is introduced into a cryptographic engine in a two-part
process using the PKA_Public_Key_Hash_Register and PKA_Public_Key_Register
verbs: the hash of the key is registered first, and the key itself is accepted
only if it matches that hash. Because the two verbs can be assigned to two
distinct roles held by two different individuals, split authority and dual
control can be enforced in setting up the certificate-validating public key.
You identify the nodes with unique 16-byte identifiers of your choice. This
environment identifier (EID) is established through the use of the
Cryptographic_Facility_Control verb.
The processing of a given share (share 1, 2, ..., n) requires authorization to a
distinct control point so that you can enforce split responsibility in obtaining and
installing the shares.
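The following is an added example, not IBM code and not the CCA API: a toy model in Python of the three controls described above, namely the two-part installation of the retained public key (hash first, key second, by different roles), the validation of the share-signing certificate against that retained key, and a distinct control point for each share index. The control-point names, the role layout, the certificate format and the textbook RSA signatures are assumptions made for illustration; the RSA primes are constructed and the scheme is insecure, and a real engine uses its own key formats and hash registration.

```python
# Added example (not IBM's code or the CCA API): toy model of dual control for the
# retained public key, certificate chaining, and per-share control points.
# Control-point names, roles and the textbook RSA below are assumptions; the
# RSA parameters are constructed and insecure.
import hashlib

E = 65537  # public exponent for the toy RSA keys


def toy_rsa_keypair(p, q):
    """Textbook RSA keypair from two constructed primes (toy, NOT secure)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)          # (public, private)


def _digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    n, d = priv
    return pow(_digest_int(data, n), d, n)


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest_int(data, n)


def pub_bytes(pub):
    """Canonical encoding of a public key: what gets hashed and certified."""
    return b"%d:%d" % pub


def key_hash(pub):
    """The value supplied to the hash-register step (assumed: SHA-256 here)."""
    return hashlib.sha256(pub_bytes(pub)).digest()


def rejected(fn, *args):
    """True if the engine refuses the call; used to show the negative cases."""
    try:
        fn(*args)
    except (PermissionError, ValueError):
        return True
    return False


class Engine:
    """Models only the parts of a cryptographic engine that the text describes."""

    def __init__(self, roles):
        self.roles = roles            # role name -> set of permitted control points
        self.retained_hash = None
        self.retained_pub = None
        self.shares = {}

    def _require(self, role, control_point):
        if control_point not in self.roles.get(role, set()):
            raise PermissionError(f"{role} is not authorized to {control_point}")

    def register_hash(self, role, h):
        """Part 1 (PKA_Public_Key_Hash_Register): only the hash is supplied."""
        self._require(role, "PKA_Public_Key_Hash_Register")
        self.retained_hash = h

    def register_key(self, role, pub):
        """Part 2 (PKA_Public_Key_Register): key accepted only if it matches the hash."""
        self._require(role, "PKA_Public_Key_Register")
        if self.retained_hash is None or self.retained_hash != key_hash(pub):
            raise ValueError("public key does not match the registered hash")
        self.retained_pub = pub

    def validate_certificate(self, cert):
        """cert = (subject public key, signature over it by the retained key's owner)."""
        subject, sig = cert
        if self.retained_pub is None or not verify(self.retained_pub, pub_bytes(subject), sig):
            raise ValueError("certificate does not chain to the retained public key")
        return subject

    def receive_share(self, role, index, share, share_sig, cert):
        """Receiving side of Master_Key_Distribution: one control point per share index."""
        self._require(role, f"Master_Key_Distribution_share_{index}")
        signer = self.validate_certificate(cert)
        if not verify(signer, bytes([index]) + share, share_sig):
            raise ValueError(f"signature on share {index} is invalid")
        self.shares[index] = share
        return sorted(self.shares)


def demo():
    """Walk the procedure once; returns the installed share indexes, [1, 2]."""
    ca_pub, ca_priv = toy_rsa_keypair(1000000007, 998244353)           # certifying node
    signer_pub, signer_priv = toy_rsa_keypair(1000000009, 1000000021)  # share-signing key
    engine = Engine({
        "officer_a": {"PKA_Public_Key_Hash_Register", "Master_Key_Distribution_share_1"},
        "officer_b": {"PKA_Public_Key_Register", "Master_Key_Distribution_share_2"},
    })
    engine.register_hash("officer_a", key_hash(ca_pub))   # first individual
    engine.register_key("officer_b", ca_pub)              # second individual
    cert = (signer_pub, sign(ca_priv, pub_bytes(signer_pub)))
    shares = {1: b"constructed share one", 2: b"constructed share two"}
    for idx, holder in ((1, "officer_a"), (2, "officer_b")):
        engine.receive_share(holder, idx, shares[idx],
                             sign(signer_priv, bytes([idx]) + shares[idx]), cert)
    return sorted(engine.shares)


if __name__ == "__main__":
    print("installed shares:", demo())
```

The point the model makes is that no single role can complete either procedure: the officer who registers the hash cannot register the key, the key is refused if it does not match the hash already in the engine, and each share index is gated by its own control point, so obtaining and installing the shares can be split between people exactly as the text describes.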
The certifying node can be either the share source or target node as you desire,
or can be an independent node that might be located in a cryptographic control
center.
Although not currently supported by IBM products, the shares could be stored on
intermediate devices (for example, smart cards), provided that the devices could
perform the required key-management and digital-signature functions.
With the current capabilities of the IBM 4758 CCA Support Program, you must
initialize the target Coprocessor with its retained private key, and have the
associated public key certified, before you obtain shares for the target
Coprocessor. This implies that the target Coprocessor is initialized, and is not
reset (which would discard the retained private key and invalidate its
certificate), before a master key is cloned to it.
Chapter 2. CCA Node-Management and Access-Control 2-15