Copy smart card contents

This function allows you to copy keys and key parts from one TKE smart card to another TKE smart card, or from one EP11 smart card to another EP11 smart card. You can copy these types of keys:
  • Crypto adapter logon key
  • TKE authority signature key
  • EP11 administrator signature key
  • ICSF operational key parts
  • ICSF master key parts
  • Crypto adapter master key parts
Notes:
  1. The two smart cards must be enrolled in the same zone; otherwise the copy will fail. To display the zone of a smart card, exit from the TKE application and use either the Cryptographic Node Management Utility or the Smart Card Utility Program found in the Trusted Key Entry category's Applications list on the TKE Workstation Console. See Cryptographic Node Management utility (CNM) or Smart Card Utility Program (SCUP).
  2. To copy ECC (APKA) master key parts from a source TKE smart card to a target TKE smart card, the applet version of the target TKE smart card must be 0.6 or greater.
  3. To copy an ECC authority signature key from a source TKE smart card to a target TKE smart card, the version of the target TKE smart card must be 0.10 or greater.

To copy a smart card:

  1. Select Copy smart card contents from the Utilities menu.

    A message box prompts you to “Insert source TKE or EP11 smart card in smart card reader 1”.

  2. Insert the source smart card in smart card reader 1 and press OK.

    A message box prompts you to insert the target smart card in smart card reader 2. The target smart card must be the same type (TKE or EP11) as the source card.

  3. Insert the target smart card in smart card reader 2 and press OK.

    The utility reads the smart card contents. This may take some time. The card ID is displayed, followed by the card description. Verify that these are the smart cards you want to work with.

    The Copy smart card contents window lists the following information for a smart card:
    Card ID
    Identification string for the smart card
    Zone description
    Description of the zone in which the smart card is enrolled
    Card description
    Description of the smart card; entered when the smart card was personalized
    Card contents
    Key type, Description, Origin, MDC4, SHA1, ENC-Zero, AES-VP, Control Vector or Key Attributes (for operational keys only), and Length.
  4. Highlight the keys that you want to copy. By holding down the control button on the keyboard, you can select specific entries on the list with your mouse. By holding down the shift button on the keyboard, you can select a specific range of entries on the list with your mouse. Click on the Copy button or right click and select Copy.
    Note: Smart card copy does not overwrite the target smart card. If there is not enough room on the target smart card, you will get an error message. You can either delete some of the keys on the target smart card (see Manage smart card contents) or use a different smart card.
    Figure 1. Select keys to copy
    Select keys to copy
  5. At the prompts, enter the PINs for the smart cards on the smart card reader PIN pads. The keys will then be copied to the target smart card. The target smart card contents panel is refreshed.
Note: You can display the key attributes associated with a AES non-DATA operational key part stored on either the source or target TKE smart card. Left click to select the key part, then right click to display a popup menu. Select the Display key attributes option to display the key attributes.
Parent topic: Utilities menu