z/OS Cryptographic Services ICSF Application Programmer's Guide


Callable Services for Working with Retained Private Keys

SA22-7522-16

Private keys can be generated, retained, and used within the secure boundary of a PCICC, PCIXCC, CEX2C, or CEX3C. Retained keys are generated by the PKA Key Generate (CSNDPKG) callable service. The private key value of a retained key never appears in any form outside the secure boundary of the coprocessor that generated it. Every retained key has a record in the public key data set (PKDS) that identifies the PCICC, PCIXCC, CEX2C, or CEX3C where the retained private key is stored; the PKDS record does not contain the private key value itself. ICSF provides the following callable services to list and delete retained private keys.

Retained Key Delete Callable Service (CSNDRKD and CSNFRKD)

The retained key delete callable service deletes a key that has been retained within a PCICC, PCIXCC, CEX2C, or CEX3C and also deletes the record containing the key token from the PKDS.

Retained Key List Callable Service (CSNDRKL and CSNFRKL)

The retained key list callable service lists the key labels of the private keys that are retained within the secure boundary of a PCICC, PCIXCC, CEX2C, or CEX3C installed on your server.
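The following REXX exec shows how the two services are used together: list the retained keys that match a label mask, then delete one of them. It is an added example, not a sample from the ICSF Application Programmer's Guide. It assumes the CSNDRKL and CSNDRKD parameter lists as given in their individual service descriptions (which this page does not reproduce), the REXX LINKPGM calling convention used by other ICSF REXX samples, and that the caller has SAF access to the CSFRKL and CSFRKD resources in the CSFSERV class. The labels RSA.SIGN.* and RSA.SIGN.OLD2013 are invented for the example, and the use of a trailing asterisk as a wildcard in the mask is an assumption to check against the key_label_mask description in the CSNDRKL service.

```rexx
/* REXX - list retained private keys on the coprocessor, then delete one.  */
/* Added example; not from the ICSF APG. Assumes the CSNDRKL and CSNDRKD   */
/* parameter lists from their service descriptions, the LINKPGM calling    */
/* convention, and SAF access to CSFRKL and CSFRKD in class CSFSERV.       */

/* Integers are passed as 4-byte binary values and strings as fixed-length */
/* blank-padded buffers, which is what the LINKPGM interface expects.      */
rc               = 'FFFFFFFF'x
rs               = 'FFFFFFFF'x
exit_data_length = '00000000'x
exit_data        = ''
rule_array_count = '00000000'x   /* both services take no rule keywords    */
rule_array       = ''

/* The mask selects which labels are listed; '*' alone lists every key.    */
/* ASSUMPTION: trailing '*' is the wildcard; see key_label_mask in the APG. */
key_label_mask = left('RSA.SIGN.*', 64)     /* invented label prefix       */

retained_keys_count = '00000000'x           /* output: keys matching mask  */
max_labels          = 10
key_labels_count    = d2c(max_labels, 4)    /* in: capacity, out: returned */
key_labels          = copies(' ', 64 * max_labels)  /* 64 bytes per label  */

address linkpgm 'CSNDRKL' ,
   'rc' 'rs' 'exit_data_length' 'exit_data' ,
   'rule_array_count' 'rule_array' 'key_label_mask' ,
   'retained_keys_count' 'key_labels_count' 'key_labels'

if rc /= '00000000'x then do
   say 'CSNDRKL failed: rc='c2x(rc) 'rs='c2x(rs)
   exit 8
end

n = c2d(key_labels_count)
say c2d(retained_keys_count) 'retained key(s) match the mask,' n 'returned'
do i = 1 to n
   say '  ' strip(substr(key_labels, (i-1)*64 + 1, 64))
end
if c2d(retained_keys_count) > n then
   say 'Buffer too small; raise max_labels to see the remaining labels.'

/* CSNDRKD removes the key from the coprocessor AND deletes its PKDS       */
/* record, and a retained private key has no copy anywhere else. Confirm   */
/* the label is actually present before deleting it.                       */
target = left('RSA.SIGN.OLD2013', 64)       /* invented label              */
found  = 0
do i = 1 to n
   if substr(key_labels, (i-1)*64 + 1, 64) = target then found = 1
end

if found then do
   rc = 'FFFFFFFF'x
   rs = 'FFFFFFFF'x
   key_label = target
   address linkpgm 'CSNDRKD' ,
      'rc' 'rs' 'exit_data_length' 'exit_data' ,
      'rule_array_count' 'rule_array' 'key_label'
   if rc = '00000000'x then say 'Deleted' strip(target)
   else say 'CSNDRKD failed: rc='c2x(rc) 'rs='c2x(rs)
end
else say strip(target) 'is not retained on this coprocessor; nothing deleted.'
```

Listing before deleting matters because the delete is irreversible: once CSNDRKD completes, the private key value is gone from the card and the PKDS record that pointed to it is gone too. If retained_keys_count exceeds key_labels_count on return, the caller's buffer was too small and only the first key_labels_count labels were returned; re-run the service with a larger buffer rather than assuming the list is complete.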

Clearing the retained keys on a coprocessor

The retained keys on a PCICC, PCIXCC, CEX2C, or CEX3C may be cleared. Because the private key value exists only inside the coprocessor, a cleared retained key cannot be recovered; its PKDS record identifies the coprocessor but does not contain the private key. These are the conditions under which retained keys will be lost:

  • If the PCICC, PCIXCC, CEX2C, or CEX3C detects tampering by way of the intrusion latch being tripped, ALL installation data is cleared: master keys, retained keys for all domains, as well as roles and profiles.
  • If the PCICC, PCIXCC, CEX2C, or CEX3C detects that its secure boundary has been compromised, it self-destructs and can no longer be used.
  • If you issue a command from the TKE workstation to zeroize a domain.

    This command zeroizes the data specific to that domain: master keys and retained keys.

  • If you issue a command from the Support Element panels to zeroize all domains.

    This command zeroizes ALL installation data: master keys, retained keys, and access control roles and profiles.





Copyright IBM Corporation 1990, 2014