Scenario: Cloning a DES or PKA master key

Edit online

The steps to clone a data encryption standard (DES) or public key algorithm (PKA) master key from one coprocessor to another.

The term cloning is used rather than copying because the master key is split into shares for transporting between the coprocessors. The technique is explained under the topic Understanding and managing master keys in the IBM® CCA Basic Services Reference and Guide for the IBM 4767 and IBM 4765 PCIe Cryptographic Coprocessors manual.
Note: Cloning of an AES master key is not supported.
Cloning of the master key involves two or three nodes:
  • The master key source node.
  • The master key target node.
  • The share administration (SA) node. The SA node can either be the source or the target node.

The CNM utility can store various data items that are involved in this process in a database that you can carry (diskette) or transfer (FTP) between the different nodes. One database issa.db that is the default, and contains the information about the SA key and keys that is certified. The target node where the master key is cloned also has a database that is known by default as the csr.db.

You can accomplish these tasks by using the CNM utility:
  1. Start the CCA Node Management utility by entering the csufcnm command. The CNM utility logo and the main window are displayed.
  2. Set up the nodes in a secure manner with access control roles, user profiles, and master keys.

    You need a role and one or more user profiles at the source and target nodes for each user who obtains or store shares. Processing of shares is done by a separate command so that, if you want, your roles can ensure that independent individuals are involved with obtaining and installing the different shares.

    Consider the use of random master key generation and roles that enforce a dual control security policy. For example, allow one individual or role to register a hash and another individual or role to register a public key. Select different individual or role for obtaining and installing the individual shares of the master key.

    See the guidance section in the IBM CCA Basic Services Reference and Guide for the IBM 4767 and IBM 4765 PCIe Cryptographic Coprocessors manual for the description of the Master_Key_Process and the Master_Key_Distribute verbs.

  3. Install a unique 1 - 16 byte environment ID (EID) of your choice into each node.

    From the Crypto Node menu, click Set Environment ID, enter the identifier, and click Load. Use only these characters in an EID: A - Z, a - z, 0 - 9, and @, (X'40'), space character (X'20'), &, (X'26'), and = (X'3D').

    You must enter a full 16-character identifier. For short identifiers, complete the entry with space characters.

  4. Initialize the master key sharing m and n values in the source and target nodes. These values must be the same in the source and the target nodes. The value n is the maximum number of shares while m is the minimum number of shares that must be installed to reconstitute the master key in the target node.

    From the Crypto Node menu, click Share Administration > Set number of shares, enter the values, and click Load.

  5. At the different nodes, generate these keys and verify that each public key is certified by the SA key. You can use the utility's sa.db database to transport the keys and the certificates.
    Share administration (SA)
    This key is used to certify itself and the following keys. You must register the hash of the SA public key, and the public key itself, in the SA, source, and target nodes.

    After the SA key is created, the utility supplies an 8 byte or 16-hexadecimal character value that is a portion of the hash of the SA key. Be sure to retain a copy of this value. You need this value to confirm the hash value that is recorded in the database to register the SA public key at the source and target nodes.

    Coprocessor Share Signing (CSS)
    This key is used to sign shares that are distributed from the source node. The private key is retained within the source node.
    Coprocessor Share Receiving (CSR)
    This key is used to receive a share-encrypting key into the target node. The SA certified public CSR key is used at the source node to wrap (encrypt) the share encrypting key that is unique for each share. The private key is retained within the target node.
    Generate the Key Pairs: SA, CSS, and CSR
    From the Crypto Node menu, click Share Administration > Create Keys. Click the Share Administration Keys, CSS key, or CSR key. Click Create.

    You must supply key labels for the CSS and CSR keys that are retained in the source and target nodes, for example, IBM4767.CLONING.CSS.KEY and IBM4767.CLONING.CSR.KEY. The labels that you use must not conflict with other key labels that are used in your applications.

    To generate the CSR key at the share-receiving node, you must obtain the serial number of the coprocessor. From the Crypto Node, click Status. You must enter the serial number value to certify the CSR key.

  6. Register the SA public key in the coprocessor at the SA, source, and target nodes. This process is a two-step process that must be done under a dual control security policy.

    One individual installs the SA public key hash. From the Crypto Node menu, click Share Administration > Register Share Administration , and click SA Key hash. You must enter the hash value that is obtained during SA key creation.

    The other individual installs the actual SA public key. From the Crypto Node menu, click Share Administration > Register Share Administration , and click SA Key. By default, the public key information is in the sa.db file.

  7. Take the CSS key and the CSR key to the SA node and that the keys are certified.

    From the Crypto Node drop-down menu, select Share Administration Keys, Certify KeysCSS key, or CSR key.

    For the CSR key, you must supply the serial number of the target coprocessor as a procedural check that an appropriate key is being certified. Your procedures must include communicating this information in a reliable manner.

  8. At the source node, the authorized individuals must login to the role that allows them to obtain their shares. At least m shares must be obtained. These shares are of the current master-key.

    From the Crypto Node menu, click Share Administration > Get Share, and enter the share number to be obtained. Observe the serial numbers and database identifiers. When these shares are in agreement, click Get Share. The share information must be placed by default into the csr.db file and obtains the CSR key certificate, by default, from the sa.db file.

    Obtain current-master-key validation information for use later at the target node. From the Master Key menu, click DES/PKA Master Keys > Verify. Click Current.

  9. At the target node, the authorized individuals must login to the role that allows each of them to install their share. At least m shares must be installed to reconstitute the master key into the new master-key register.

    From the Crypto Node menu, click Share Administration > Load Share, and select the share number to be installed. Verify that the serial numbers and database identifiers are correct and then click Observe the serial numbers and database identifiers. When these shares are agreed to be correct, click Get Share. At the target node, the authorized individuals must login to the role that allows the individuals to install their share. The share information is obtained by default from the csr.db file and the CSS key certificate is obtained by default from the sa.db file. If your server has multiple cryptographic coprocessors that are loaded with CCA, the coprocessors must have identical master keys that are installed for the functioning of key storage.

    When m shares are loaded, verify that the key in the new master-key register is the same as the current master key in the source node when the shares were obtained. On the target node, from the Master Key menu, click DES/PKA Master Keys > New.

  10. When it is confirmed through master key verification that the master key is cloned, an authorized individual can set the master key. This action deletes any old master key and moves the current master key to the old master key register. Application programs that use keys encrypted by the master key can be impacted by this change, so ensure that setting of the master key is coordinated with the needs of your application programs.
  11. From the Master Key menu, click DES/PKA Master Keys > Set.