Support User Manuals

IBM 2 Computer Hardware User Manual

Open as PDF

of 508

Master_Key_Process CCA Release 2.54

 The master-key verification pattern (MKVP) of the new master-key is compared

against the MKVP of the current and the old master-keys. If they are the

same, the service fails with return code 8, reason code 704.

 If any of the eight-byte parts of the new master-key compares equal to one of

the weak DES-keys, the service fails with return code 8, reason code 703. See

page 2-62 for a list of these “weak” keys. (A parity-adjusted version of the

asymmetric master-key is used to look for weak keys.)

Except in the OS/400 environment, as part of the SET process, if a DES and/or

PKA key-storage exists, the header record of each key storage is updated with the

verification pattern of the (new) current master-key. The OS/400 environment does

not have master-key verification records in the key-storage data set.

Restrictions

None

Format

CSNBMKP

return_code Output Integer

reason_code Output Integer

exit_data_length In/Output Integer

exit_data In/Output String exit_data_length bytes

rule_array_count Input Integer one, two, or three

rule_array Input String

array

rule_array_count * 8 bytes

key_part Input String 24 bytes

Parameters

For the definitions of the return_code, reason_code, exit_data_length, and exit_data

parameters, see “Parameters Common to All Verbs” on page 1-11.

rule_array_count

The rule_array_count parameter is a pointer to an integer variable containing

the number of elements in the rule_array variable. The value must be one,

two, or three for this verb.

rule_array

The rule_array parameter is a pointer to a string variable containing an array of

keywords. The keywords are eight bytes in length, and must be left-justified

and padded on the right with space characters. The rule_array keywords are

shown below:

Keyword Meaning

Cryptographic component (optional)

ADAPTER Specifies the Coprocessor. This is the default for IBM 4758

implementations.

Master-key choice (one, optional)

SYM-MK Operate with the symmetric master-key registers.

ASYM-MK Operate with the asymmetric master-key registers.

2-60 IBM 4758 CCA Basic Services, Release 2.54, February 2005

previous next