Usage notes

The usage notes for CSNDT34C.

This service is used to perform these operations:
  • BINDKRDC: The TR34 BIND token (CT-KRD) CREATE service creates the TR-34 token that contains Cred-KRD that is needed by the KDH.
    • CredKRD: (INPUT, cred_krd). KRD credential (X.509 certificate) with ID and public key.
    • CT-KRD: (OUTPUT, output_token). Credential token for KRD, containing Cred-KRD in DER format.
  • BINDRV: The TR34 BIND token (CT-KDH) RECEIVE service processes the BIND request on the KRD.
    • CT-KDH token: (INPUT, input_token). BIND token received from KDH.
    • CredKDH: (OUTPUT, output_token). Credential (X.509 certificate) for the KDH, in DER format, which needs to be stored in the KRD.
  • UNBINDRV: The TR34 UNBIND token (UBT-KDH) RECEIVE service processes the UNBIND request on the KRD.
    • UBT-KDH token: (INPUT, input_token). UNBIND token received from KDH.
    • CredKDH: (INPUT, cred_kdh). KDH credential (X.509 certificate) with ID and public key.
    • CredKRD: (INPUT, cred_krd). KRD credential (X.509 certificate) with ID and public key.
    • RT-KRD: (INPUT, random_number_token). Token originally sent by the KRD to the KDH and now used for validation.
    • <validity>: (OUTPUT, return/reason code). UBT-KDH – is – valid.
  • REBINDRV: The TR34 REBIND token (RBT-KDH) RECEIVE service processes the REBIND request on the KRD.
    • RBT-KDH: (INPUT, input_token). REBIND token received from KDH.
    • CredKDH: (INPUT, cred_kdh). Old KDH credential (X.509 certificate) with ID and public key.
    • CredKRD: (INPUT, cred_krd). KRD credential (X.509 certificate) with ID and public key.
    • RT-KRD: (INPUT, random_number_token). Token originally sent by the KRD to the KDH and now used for validation.
    • <validity>: (OUTPUT, return/reason code). RBT-KDH – is – valid.
    • Cred-KDH-NEW: (OUTPUT, output_token). New KDH credential (X.509 certificate), in DER format, which needs to be stored in the KRD.
Notes:
  1. The RT-KRD token can be created with correct formatting using the RT-KRD processing of the CSNBRNGL service. See Random Number Generate (CSNBRNG) for more details.
  2. RSA 2048-bit and 3072-bit keys will be supported by CCA. This allows strength equivalent to an AES 128-bit key. TR-34 explicitly supports only RSA 2048-bit keys, so some vendors will only support that key size.