Usage notes

Edit online

Usage notes for CSNBKIM.

Use of NOCV keys are controlled by an access control point in the CEX*C. Creation of NOCV key-encrypting keys is available only for standard IMPORTERs and EXPORTERs.

This verb will mark an imported KEK as a NOCV-KEK KEK:
  • If a token is supplied in the target token field, it must be a valid importer or exporter token. If the token fails token validation, processing continues, but the NOCV flag will not be copied
  • The source token (key to be imported) must be a importer or exporter with the default control vector.
  • If the target token is valid and the NOCV flag is on and the source token is valid and the control vector of the target token is exactly the same as the source token, the imported token will have the NOCV flag set on.
  • If the target token is valid and the NOCV flag is on and the source token is valid and the control vector of the target token is NOT exactly the same as the source token, a return code will be given.
  • All other scenarios will complete successfully, but the NOCV flag will not be copied

The software bit used to mark the imported token with export prohibited is not supported on a CEX*C. The internal token for an export prohibited key will have the appropriate control vector that prohibits export.

This is a legacy service. It should only be used if you need TR-31 KEKs for legacy key communications. For other actions where you need to import a TR-31 external token to a CCA target key token, CSNBT31I is the correct service. If a user needs to import a TR-31 external token to an internal TR-31 output key block, CSNBT31X is the correct service.