Loading a new master key from key parts
To set a new master key in the coprocessor, enter any part of the key in the new master-key register, and set the new master key.
To set the new master key, follow these steps:
- From the Master Key menu, select either DES/PKA Master Keys or AES Master Key, and then click Parts. The Load Master Key window is displayed as shown in Figure 1.
Figure 1. Load Master Key window
- Select the radio button for the key part you are editing (First Part, Middle Part, or Last Part).
- Enter data by doing one of the following actions:
  - Click New to clear data entered in error.
  - Click Open to retrieve preexisting data.
  - Click Generate to fill the fields with coprocessor-generated random numbers.
  - Manually enter data into the Master Key Part fields. Each field accepts 4 hexadecimal digits.
- Click Load to load the key part into the new master-key register.
- Click Save to save the key part to disk.
  Important: Key parts saved to disk are not enciphered. Consider keeping a disk with key parts on it stored in a safe or vault.
  Note: When you create a key from parts, you must have both the first and last parts. The middle part is optional.
- Repeat the preceding steps to load the remaining key parts to the new master-key register.
  Note: For the split-knowledge security policy, different people must enter the separate key parts. To enforce a dual control security policy, the access control system must assign the right to enter the first key part to one role and the right to enter subsequent key parts to another role. Then, authorized users can log on and enter their respective key part.
- From the Master Key menu, select either DES/PKA Master Keys or AES Master Key.
- Click Set for the utility to transfer the data:
  - From the current master-key register to the old master-key register, and to delete the old master key
  - From the new master-key register to the current master-key register
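
The register behaviour this procedure relies on, as an added Python model (not IBM's code and not part of the original page): it enforces the first/last requirement, role-separated entry of key parts, and the register rotation that Set performs. The XOR combination of parts, the 32-byte key length, and the names `MasterKeyRegisters`, `alice` and `bob` are assumptions made for illustration.

```python
import secrets

KEY_LEN = 32  # assumption: 256-bit key, entered as sixteen 4-hex-digit fields
HEX = set("0123456789abcdefABCDEF")

def to_fields(part):
    """Format a key part as the 4-hex-digit Master Key Part fields."""
    h = part.hex().upper()
    return [h[i:i + 4] for i in range(0, len(h), 4)]

def parse_fields(fields):
    """Validate manually entered fields and join them into raw bytes."""
    if len(fields) != KEY_LEN // 2 or any(len(f) != 4 or set(f) - HEX for f in fields):
        raise ValueError("expected %d fields of 4 hex digits" % (KEY_LEN // 2))
    return bytes.fromhex("".join(fields))

class MasterKeyRegisters:
    """Toy model of the new, current and old master-key registers."""

    def __init__(self, acl):
        self.acl = acl                  # user -> part kinds that user's role may load
        self.new = self.current = self.old = None
        self.state = "empty"            # empty -> partial -> full

    def load(self, user, kind, part):
        if kind not in self.acl.get(user, ()):
            raise PermissionError(f"{user} may not load the {kind} part")
        expected = "empty" if kind == "first" else "partial"
        if self.state != expected:
            raise RuntimeError(f"{kind} part not valid in state {self.state}")
        base = bytes(KEY_LEN) if kind == "first" else self.new
        # Assumption: parts accumulate by XOR (the page does not state this).
        self.new = bytes(a ^ b for a, b in zip(base, part))
        self.state = "full" if kind == "last" else "partial"

    def set_master_key(self):
        if self.state != "full":
            raise RuntimeError("new register needs a first and a last part")
        # current -> old (the previous old key is discarded), new -> current
        self.old, self.current = self.current, self.new
        self.new, self.state = None, "empty"

if __name__ == "__main__":
    acl = {"alice": {"first"}, "bob": {"middle", "last"}}  # constructed roles
    regs = MasterKeyRegisters(acl)
    regs.load("alice", "first", secrets.token_bytes(KEY_LEN))
    regs.load("bob", "last", parse_fields(to_fields(secrets.token_bytes(KEY_LEN))))
    regs.set_master_key()
    print("current master key set:", regs.current is not None)
```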