Master_Key_Distribution CCA Release 2.54
– The private_key_name of the Coprocessor-retained key used to decrypt the
clone_info_encrypting_key. This key must have the CLONE attribute set at
the time of key generation.
– The certifying_key_name of the public key already registered in the
Coprocessor used to validate the following certificate
– The certificate and its length that provides the public key used to validate
the signature on the cloning information
– The length and location of the clone_info field that provides the encrypted
cloning information (master-key share).
The verb performs:
– Recovery of the clone_info_encrypting_key
– Decryption of the cloning information
– Recovery and validation of the public key used to validate the cloning
information signature
– Validation of the cloning information signature
– Retention of a master-key share
– Regeneration of a master key in the new master-key register when
sufficient shares have been received.
The verb returns:
– A return code of four if the master key has been recovered into the
new master-key register. A return code of zero indicates that processing
was normal, but a master key was not recovered into the new master-key
register. (Other return codes, and various reason codes, can also occur in
abnormal cases.)
Restrictions
When using the OBTAIN keyword, the current master-key register must be full.
When using the INSTALL keyword, the new master-key register must be clear
(empty).
Format
CSUAMKD
return_code                        Output     Integer
reason_code                        Output     Integer
exit_data_length                   In/Output  Integer
exit_data                          In/Output  String        exit_data_length bytes
rule_array_count                   Input      Integer       one or two
rule_array                         Input      String array  rule_array_count * 8 bytes
share_index                        Input      Integer
private_key_name                   Input      String        64 bytes
certifying_key_name                Input      String        64 bytes
certificate_length                 Input      Integer
certificate                        Input      String        certificate_length bytes
clone_info_encrypting_key_length   In/Output  Integer
clone_info_encrypting_key          In/Output  String        clone_info_encrypting_key_length bytes
clone_info_length                  In/Output  Integer
clone_info                         In/Output  String        clone_info_length bytes
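
The INSTALL flow and return-code handling described above, as an added example that is not taken from the IBM manual. The mkd_fn pointer type (an assumed C binding of the Format table), struct share, install_shares, and the fake_mkd stand-in that simulates a coprocessor needing two shares are all hypothetical names introduced for illustration.

```c
#include <string.h>

/* Assumed C binding for the Format table: integers as long *, strings as
   unsigned char *. With the real library this is the CSUAMKD entry point. */
typedef void (*mkd_fn)(long *rc, long *reason, long *exit_len, unsigned char *exit_data,
    long *rule_count, unsigned char *rule_array, long *share_index,
    unsigned char *private_key_name, unsigned char *certifying_key_name,
    long *cert_len, unsigned char *cert, long *cek_len, unsigned char *cek,
    long *info_len, unsigned char *info);

/* One share as received from the source node (hypothetical container). */
struct share { long index, cert_len, cek_len, info_len;
               unsigned char *cert, *cek, *info; };

/* Left-justify and blank-pad a keyword or key name into a fixed-width field. */
static void pad(unsigned char *dst, const char *src, size_t width) {
    size_t n = strlen(src);
    memset(dst, ' ', width);
    memcpy(dst, src, n < width ? n : width);
}

/* Submit shares with INSTALL until return code 4 (master key regenerated).
   Returns 1 on rc 4, 0 if every share was retained but more are needed (rc 0),
   -1 on any other return code. *used counts the shares submitted. */
int install_shares(mkd_fn verb, const char *priv, const char *certifier,
                   struct share *s, int n, int *used, long *rc, long *reason) {
    unsigned char rule[8], pk[64], ck[64];
    long exit_len = 0, rules = 1;
    *rc = *reason = 0;
    pad(rule, "INSTALL", 8); pad(pk, priv, 64); pad(ck, certifier, 64);
    for (*used = 0; *used < n; ) {
        struct share *p = &s[(*used)++];
        verb(rc, reason, &exit_len, NULL, &rules, rule, &p->index, pk, ck,
             &p->cert_len, p->cert, &p->cek_len, p->cek, &p->info_len, p->info);
        if (*rc == 4) return 1;
        if (*rc != 0) return -1;   /* abnormal: stop, do not feed further shares */
    }
    return 0;
}

/* Constructed stand-in for the coprocessor: needs 2 shares, rc 8 on bad input. */
static int fake_have;
void fake_mkd(long *rc, long *reason, long *xl, unsigned char *xd, long *rn,
    unsigned char *ra, long *idx, unsigned char *pk, unsigned char *ck, long *cl,
    unsigned char *c, long *kl, unsigned char *k, long *il, unsigned char *i) {
    *reason = 0;
    if (*rn != 1 || memcmp(ra, "INSTALL ", 8) != 0 || *idx < 1) { *rc = 8; return; }
    *rc = (++fake_have >= 2) ? 4 : 0;
}
```

A result of 0 leaves the retained shares in place, so the caller should treat the new master-key register as still unusable until a later call returns 1.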
2-56 IBM 4758 CCA Basic Services, Release 2.54, February 2005