Required commands
The required commands for CSNDPKI.
This verb requires the PKA Key Import command (offset X'0104') to be enabled in the active role. If the source_key_token parameter points to a trusted block, also enable the PKA Key Import - Import an external trusted block command (offset X'0311').
To disable the wrapping of a key with a weaker master key, the Prohibit weak wrapping - Master keys command (offset X'0333') must be enabled in the active role.
To receive a warning when wrapping a key with a weaker master key, enable the Warn when weak wrap - Master keys command (offset X'0332') in the active role. The Prohibit weak wrapping - Master keys command overrides this command.
When using the CKM-RAKW keyword, one of the following access control points is required depending on the source key being imported:
| Source key type | Offset | Command |
|---|---|---|
| RSA | X'03CB' | Permit import of an RSA key token from a PKCS#11 CKM_RSA_AES_KEY_WRAP object |
| ECC | X'03CC' | Permit import of an ECC key token from a PKCS#11 CKM_RSA_AES_KEY_WRAP object |