Key or key part rule (one keyword required) |
CLR-A128 | Process a 128–bit AES clear
key. |
CLR-A192 | Process a 192–bit AES clear
key. |
CLR-A256 | Process a 256–bit AES clear
key. |
KEY-CLR | Specifies the key supplied in key_identifier is
a single-length clear key. |
KEY-CLRD | Specifies the key supplied in key_identifier is
a double-length clear key. |
KEY-ENC | Specifies the key supplied in key_identifier is
a single-length encrypted key. |
KEY-ENCD | Specifies the key supplied in key_identifier is
a double-length encrypted key. |
TOKEN | Process an AES clear or encrypted
key token. |
Process Rule (one keyword required) |
GENERATE | Generate a verification pattern for
the key supplied in key_identifier. |
VERIFY | Verify a verification pattern for
the key supplied in key_identifier. |
Parity Adjustment - can not be specified
with any of the AES keywords (optional) |
ADJUST | Adjust the parity of test key to
odd prior to generating or verifying the verification pattern. The key_identifier field
itself is not adjusted. |
NOADJUST | Do not adjust the parity of test
key to odd prior to generating or verifying the verification pattern.
This is the default. |
Verification Process Rule (optional) |
ENC-ZERO | ENC-ZERO can be used with any
of the rules. It is not supported on systems with CCFs. |
SHA-256 | Use the 'SHA-256'
method. Use with CLR-A128, CLR-A192, CLR-A256, and TOKEN. SHA-256
is also the default for the AES rules. |