Filter
Top Products
CCA Release 2.54
Intentionally using different master keys in a set of Coprocessors.
This situation becomes very complicated if you are using key storage with a
subset of the Coprocessors. The preceding discussion provides information
that you can use to manage this case. If you are not using key storage and
have not initialized key storage files, then the situation is quite simple. Just
load and set the master keys as you would in a single-Coprocessor situation.
Note that while you are changing master keys in a multiple-Coprocessor
arrangement, it may be undesirable to continue other cryptographic processing.
Several problems should be considered:
1. Keys generated or imported and returned enciphered with the latest master key
are not usable with other Coprocessors until they too have been updated with
the latest master key. Existing keys may still be usable since the previous
master key in the updated Coprocessor(s) will be in the old master-key register
and CCA can use this to recover the working keys.
2. The header record in the key-storage file may have been altered to an
undesirable value--refer to the earlier discussion.
3. If you set the master key without specifically mentioning symmetric or
asymmetric keys (this is the way the CNM utility operates), and if you are using
key storage, you will need to have both the symmetric and the asymmetric key
storage files initialized, even if you do not place keys in one or both of the key
storages files.
2-20 IBM 4758 CCA Basic Services, Release 2.54, February 2005