Host Commands HSM 8000 Host Command Reference Manual

Zone PIN Key Management


The HSM provides Host commands to generate and translate a ZPK.
The generate facility encrypts the ZPK under the ZMK for transmission to another party and under the
LMK for storage on the Host database.
The two translate commands allow a ZPK to be translated from encryption under a ZMK to encryption
under the LMK and vice versa.

Generate a ZPK
Command: Generate a random PIN key and return it to the Host encrypted under a
ZMK for transmission to another party and under the LMK for storage on the
Host database.
Notes: If a 32-character ZMK is required, the HSM must be configured for double-
length ZMKs using the CS (Configure Security) console command.

COMMAND MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message header | mA | (Subsequently returned to the Host unchanged). |
| Command code | 2A | Value IA. |
| ZMK | 16H or 32H or 1A+32H or 1A+48H | The ZMK encrypted under LMK pair 04-05. |
| Atalla variant | 1 N or 2 N | Optional. Atalla variant; for use in systems with Atalla equipment. |
| Delimiter | 1A | Optional. If present the following three fields must be present. Value “;”. If an option is not required by the command fill with a valid value or 0. |
| Key scheme ZMK | 1A | Optional. Key scheme for encrypting key under ZMK. |
| Key scheme LMK | 1A | Optional. Key scheme for encrypting key under LMK. |
| Key check value type | 1A | Optional. Key check value calculation method |
| | | 0 - KCV backwards compatible. |
| | | 1 - KCV 6H. |
| End message delimiter | 1C | Optional. Must be present if a message trailer is present. Value X'19'. |
| Message trailer | nA | Optional. Maximum length 32 characters. |

1270A351 Issue 1 – December 2002


RESPONSE MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message header | nA | Returned to the Host unchanged. |
| Response code | 2A | Value IB. |
| Error code | 2N | 00 : No errors |
| | | 10 : ZMK does not have odd parity |
| | | 12 : No keys loaded in user storage |
| | | 13 : LMK error; report to supervisor |
| | | 15 : Error in input data |
| | | 21 : Invalid user storage index |
| ZPK under ZMK | 16H or 1A+32H or 1A+48H | The ZPK encrypted under the ZMK. |
| ZPK under LMK | 16H or 1A+32H or 1A+48H | The ZPK encrypted under LMK pair 06-07. |
| Check value | 16 H or 6 H | Result of encrypting 64 binary zeroes with the ZPK. 16H or 6H depends upon KCV type option. |
| End message delimiter | 1C | Present only if present in the command message. Value X'19'. |
| Message trailer | nA | Present only if present in the command message. Maximum length 32 characters. |
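
An added example, not part of the manual: a Python parser that splits an IB response into the fields of the response table above and rejects anything off-layout before the keys reach the Host database. The function names, the sample message, the rule that scheme tags U/X prefix 32H keys and T/Y prefix 48H keys, and the absence of key fields when the error code is not 00 are assumptions not stated on this page.

```python
import re

# Error codes from the response table above.
IB_ERRORS = {"00": "No errors", "10": "ZMK does not have odd parity",
             "12": "No keys loaded in user storage",
             "13": "LMK error; report to supervisor",
             "15": "Error in input data", "21": "Invalid user storage index"}
# Assumption (not on this page): tags U/X prefix 32H keys, T/Y prefix 48H keys.
SCHEME_HEX_LEN = {"U": 32, "X": 32, "T": 48, "Y": 48}
HEX = re.compile(r"[0-9A-F]+\Z")
EM = "\x19"  # end message delimiter, X'19'
# Constructed sample (dummy values, not real key material): 4-char header, tagged keys.
SAMPLE = "0001IB00" + "U" + "0123456789ABCDEF" * 2 + "U" + "FEDCBA9876543210" * 2 + "A1B2C3"


def _take_key(buf, pos):
    """Read one key field (16H, 1A+32H or 1A+48H) starting at pos."""
    n = SCHEME_HEX_LEN.get(buf[pos:pos + 1], 0)
    start = pos + (1 if n else 0)      # skip the 1A scheme tag when present
    end = start + (n or 16)            # untagged keys are 16H
    key = buf[start:end]
    if len(key) != end - start or not HEX.match(key):
        raise ValueError(f"malformed key field at offset {pos}")
    return buf[pos:end], end


def parse_ib(msg, header_len):
    """Split an IB response into its fields; raise ValueError if off-layout."""
    header, rest = msg[:header_len], msg[header_len:]
    if rest[:2] != "IB":
        raise ValueError("not an IB response")
    err = rest[2:4]
    if err not in IB_ERRORS:
        raise ValueError(f"unknown error code {err!r}")
    out = {"header": header, "error": err, "error_text": IB_ERRORS[err]}
    body, sep, trailer = rest[4:].partition(EM)
    if sep:
        if len(trailer) > 32:
            raise ValueError("message trailer longer than 32 characters")
        out["trailer"] = trailer
    if err != "00":
        return out  # assumption: no key fields follow a non-zero error code
    out["zpk_zmk"], pos = _take_key(body, 0)    # for transmission to the other party
    out["zpk_lmk"], pos = _take_key(body, pos)  # for storage on the Host database
    kcv = body[pos:]
    if len(kcv) not in (6, 16) or not HEX.match(kcv):
        raise ValueError("check value must be 6H or 16H")
    out["kcv"] = kcv
    return out
```

`header_len` is the configured message header length (m in the table); the check value length is taken from the message itself, so the caller should still compare it with the KCV type it requested.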
