Support User Manuals

IBM 2 Computer Hardware User Manual

Open as PDF

of 508

CCA Release 2.54 Master_Key_Distribution

Master_Key_Distribution (CSUAMKD)

Platform/

Product

OS/2 AIX Win NT/

2000

OS/400

IBM 4758-2/23 X X X X

The Master_Key_Distribution verb is used to perform these operations related to

the distribution of shares of the master key:

 Generate and distribute a share of the current master-key

 Receive a master-key share. When sufficient shares are received, reconstruct

the master key in the new master-key register.

You choose which class of master key, either symmetric or asymmetric, to clone

with the SYM-MK and the ASYM-MK rule-array keywords. If neither keyword is

specified, the verb performs the same operation on both classes of registers,

provided that the registers already contain the same values.

OBTAIN and INSTALL rule-array keywords control the operation of the verb.

With the OBTAIN keyword...

 You specify:

– The share number, i, where 1 ≤ i ≤ 15 and i ≤ the maximum number of

shares to be distributed as defined by the SET-MOFN option in the

Cryptographic_Facility_Control verb

– The private_key_name of the Coprocessor-retained key used to sign a

generated master-key share. This key must have the CLONE attribute set

at the time of key generation.

– The certifying_key_name of the public key already registered in the

Coprocessor used to validate the following certificate

– The certificate and its length that provides the public key used to encrypt

the clone_information_encrypting_key

– The length and location of the clone_information field that will receive the

encrypted cloning information (master-key share).

 The verb performs:

– Generation of master-key shares, as required, and formatting of the

information to be cloned

– Signing of the cloning_information

– Generation of an encryption key and encryption of the cloning information

– Recovery and validation of the public key used to encrypt the

clone_info_encrypting_key

– Encryption of the clone_info_encrypting_key.

 The verb returns:

– The encrypted cloning information

– The encrypted clone_info_encrypting_key.

With the INSTALL keyword...

 You specify:

– The share number, i, presented in this request

Chapter 2. CCA Node-Management and Access-Control 2-55

previous next