Loading key parts

After generating the key parts on the smart cards, you load them onto the cryptographic coprocessor.

About this task

Each of the two key administrators must load their own key part. The process differs slightly for each of them, so both loading actions are described in this procedure.

Procedure

  1. On the Crypto Module Administration dialog, in the Key Type list, select the AES Master Key entry. Right-click to open its context menu and select Load all key parts from … Smart card, as shown in Figure 1.
    Figure 1. Load all key parts from smart card
    1. When prompted, enter the number of key parts (2) to be loaded.
    2. When the New AES Master Key register is not empty, answer Yes to the Clear Key Register question (Figure 2), because the currently loaded new master key will now be stored in this register.
      Figure 2. Clear the key register

      To clear the New AES Master Key register, you need a signature key and a certain level of authority. Authority 20 with the role CCAFst is allowed to perform this action. So, when prompted, select smart card reader 1 as the source of the signature key and insert the CCAFst smart card.

      In the message about the successful clearing of the key register, press the OK button.

    3. Select the first key part by pressing OK in the Load Master Key dialog as shown in Figure 3.
      Figure 3. Select first key part to be loaded
    4. In the upcoming prompt, select smart card reader 1 as the source for key part 1 and press the Continue button.
    5. In Figure 4, select the shown AES key part 1 and press OK.
      Figure 4. Load first key part

      Press OK to proceed to the Key part information dialog (Figure 5).

    6. Now press the Load key button.
      Figure 5. Key part information

      Press OK in the upcoming confirmation message (Command was executed successfully) to proceed.

  2. Select the last (second) key part.
    Figure 6. Select last (second) key part

    Press OK to load the second key part.

    If the CCAFst administrator now tries to continue, an error message is displayed, because the key administrator with authority 20 may only load the first key part. The second key administrator must now continue with this step.

    Figure 7. Error ...

    Press Retry to use the smart card with key part 2 owned by the key administrator with authority 21. When prompted, select smart card reader 2 as the source of the required signature key and press Continue. Then insert the TKE smart card 2 into reader 2 and enter the password for this smart card. As expected, the wizard offers to use authority index 21 in Figure 8.

    Figure 8. Specify authority index

    Press the Continue button and then select smart card reader 2 as the source of the missing master key part to be loaded.

  3. Now you can load key part 2, the last key part in our scenario.
    You see a view showing information about the AES key part 2 (see Figure 9) that you previously generated on the inserted smart card.
    Figure 9. Load key part 2

    Now proceed with key part 2 as previously described for key part 1 in Figure 4. Press OK until you return to the view in Figure 10, where you can see that the New AES Master Key register is now Full.

    Figure 10. Key parts loaded into New AES Master Key register

Results

Both key administrators have now finished loading the complete master key into the New AES Master Key register on the cryptographic adapter.