Parameters
The parameter definitions for CSNBKIM.
For the definitions of the return_code, reason_code, exit_data_length, and exit_data parameters, see Parameters common to all verbs.
- key_type
-
The type of key you want to re-encipher under the master key. Specify an 8-byte keyword or the keyword TOKEN. The keyword must be left-aligned and padded on the right with blanks.
Direction: Input Type: String If the key type is TOKEN, CCA determines the key type from the control vector (CV) field in the external key token provided in the source_key_identifier parameter.
The key type of TOKEN is not allowed if the importer_key_identifier parameter is NOCV.
Key type values for the Key Import verb are:
For information on the meaning of the key types, see Table 1.CIPHER DATAC EXPORTER MACVER PINVER CIPHERXL DATAM IMPORTER MACD TOKEN CIPHERXI DATAMV IKEYXLAT OKEYXLAT CIPHERXO DECIPHER IPINENC OPINENC DATA ENCIPHER MAC PINGENWe recommend using key type of TOKEN when importing double-length MAC and MACVER keys.
- source_key_identifier
-
The key you want to re-encipher under the master key. The parameter is a 64-byte field for the enciphered key to be imported containing either an external key token or a null key token. If you specify a null token, the token is all binary zeros, except for a key in bytes 16-23 or 16-31, or in bytes 16-31 and 48-55 for triple-length DATA keys. Refer to Table 1.
Direction: Input Type: String If key type is TOKEN, this field might not specify a null token.
This verb supports the no-export function in the CV.
- importer_key_identifier
-
The importer key-encrypting key that the key is currently encrypted under. The parameter contains either the key label of the key in the cryptographic key data set, the internal CCA key token, or the internal TR31 key token for the key. If you supply a key label that is less than 64-bytes, it must be left-aligned and padded with blanks.
Direction: Input/Output Type: String When using a TR-31 token, it must have the following attributes:
- TR-31 key usage: K0
- Algorithm: T
- TR-31 mode of key use: D
Note: If you specify a NOCV importer in the importer_key_identifier parameter, the key to be imported must be enciphered under the importer key itself. - target_key_identifier
-
This parameter is the generated re-enciphered key. The parameter is a 64-byte area that receives the internal key token for the imported key.
Direction: Input/Output Type: String If the imported key type is IMPORTER or EXPORTER and the token key type is the same, the target_key_identifier parameter changes direction to both input and output. If the application passes a valid internal key token for an IMPORTER or EXPORTER key in this parameter, the NOCV bit is propagated to the imported key token.
On output, this parameter receives the imported operational key token.
When the key_type parameter is one of:
- IMPORTER or EXPORTER and the token in the source_key_identifier parameter matches that key type
- TOKEN and the token in the source_key_identifier is either an IMPORTER or EXPORTER
and the application passes a valid internal key token or skeleton token in this parameter matching the key type of the source_key_identifier, the NOCV bit is propagated to the imported key token.
To import a key token as a compliant-tagged key token, a compliant-tagged skeleton token must be supplied.