Phase 1 for cloning a master key: Establishing the share administration node
To use the coprocessor as the share administration (SA) node, follow the steps for cloning the master key listed in Table 1. This coprocessor can also serve as the master key source node or a master key target node.
Prerequisites: Before running this procedure, familiarize yourself with the steps described in the section Scenario: Cloning a DES or PKA master key and the chapter about understanding and managing master keys in the IBM CCA Basic Services Reference and Guide for the IBM® 4765 PCIe and 4764 PCI-X Cryptographic Coprocessors manual.
To establish the SA node, complete the steps in the following table:
Phase | Task | ✓ |
---|---|---|
1.1 | Audit the appropriateness of the access controls. | |
1.2 | Perform time synchronization and ensure that the authorization (fcv_td4kECC521.crt) is installed. | |
1.3 | Confirm (or install) the master key. | |
1.4 | Using the facilities of your operating system, erase any prior SA database from the SA database media. | |
1.5 | If not already established, enter the environment ID (EID) by completing the following steps: | |
1.6 | Generate the SA key: | |
1.7 | Register the SA public key hash: | |
1.8 | Register the SA public key: | |