Usage notes

The usage notes for CSNDT34R.

This service is used to perform these operations:

  • 2PASSRCV: The TR34 Key Transport (2-pass) token (KT-KDH) RECEIVE service.
    • KT-KDH: (INPUT, input_token). Key transport (2-pass) token received from KDH.
    • CredKDH: (INPUT, cred_kdh). KDH credential (X.509 certificate) with ID and public key.
    • RT-KRD: (INPUT, input_freshness_indicator). Token originally sent by the KRD to the KDH and now used for validation.
    • D-krd: (INPUT, private_key_identifier). The private key matching the public key in CredKRD.
    • Kn-T: (OUTPUT, output_key_identifier). CCA or TR-31 key token containing the transported TMK/KBPK.
  • 1PASSRCV: The TR34 Key Transport (1-pass) token (KT-KDH) RECEIVE service.
    • KT-KDH: (INPUT, input_token). Key transport (1-pass) token received from KDH.
    • CredKDH: (INPUT, cred_kdh). KDH credential (X.509 certificate) with ID and public key.
    • Timestamp-min: (INPUT, input_freshness_indicator). Minimum timestamp value allowed, could be the last timestamp received or a bootstrap value.
    • D-krd: (INPUT, private_key_identifier). The private key matching the public key in CredKRD.
    • Kn-T: (OUTPUT, output_key_identifier). CCA or TR-31 key token containing the transported TMK/KBPK.
    • Timestamp-rcv: (OUTPUT, output_freshness_indicator). The timestamp value received in the KT-KDH.
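The two freshness indicators above are the replay protection of the receive side: in the 2-pass flow the KT-KDH must echo the RT-KRD token the KRD sent earlier, and in the 1-pass flow the token's timestamp must be later than Timestamp-min, with the accepted value (Timestamp-rcv) becoming the next minimum. The following is an added model of those checks written for this page; it is not IBM CCA code and not the CSNDT34R API (the real verb runs inside the HSM and also verifies the token signature against CredKDH, which is assumed to have already passed here). The token dictionary layout, the field names and the sample values are constructed for the example.

```python
"""Model of the TR-34 receive-side freshness checks (KRD side).

Added illustration, not CCA code. Tokens are plain dicts with a
constructed layout: {"kdh_id": ..., "freshness": ..., "key": ...}.
"""
import secrets
from datetime import datetime
from typing import Tuple


class FreshnessError(Exception):
    """Raised when a KT-KDH fails its freshness (replay) check."""


def make_rt_krd(length: int = 16) -> bytes:
    """Constructed analogue of the RT-KRD random token (CSNBRNGL in CCA).

    The KRD generates this, sends it to the KDH, and keeps a copy to
    compare against the value echoed back inside the KT-KDH.
    """
    return secrets.token_bytes(length)


def receive_2pass(kt_kdh: dict, rt_krd: bytes) -> bytes:
    """2PASSRCV model: release the transported key only if the token echoes RT-KRD.

    A token carrying a different (or missing) RT-KRD is either an old
    token being replayed or one built for another exchange, so it is rejected.
    """
    echoed = kt_kdh.get("freshness")
    if not isinstance(echoed, bytes) or not secrets.compare_digest(echoed, rt_krd):
        raise FreshnessError("RT-KRD mismatch: token is stale or replayed")
    return kt_kdh["key"]


class OnePassReceiver:
    """1PASSRCV model: holds Timestamp-min and advances it on every accepted token.

    Timestamp-min starts at a bootstrap value (constructed here as an ISO 8601
    string with an explicit offset) and is replaced by each accepted
    Timestamp-rcv, so a token can never be accepted twice and a token older
    than the last accepted one is rejected.
    """

    def __init__(self, bootstrap_min: str):
        self.timestamp_min = self._parse(bootstrap_min)

    @staticmethod
    def _parse(value: str) -> datetime:
        ts = datetime.fromisoformat(value)
        if ts.tzinfo is None:
            # Comparing naive and aware timestamps would be ambiguous.
            raise FreshnessError("timestamp must carry a UTC offset")
        return ts

    def receive(self, kt_kdh: dict) -> Tuple[bytes, str]:
        """Return (transported key, Timestamp-rcv) or raise FreshnessError."""
        ts = self._parse(kt_kdh["freshness"])
        if ts <= self.timestamp_min:
            raise FreshnessError(
                f"timestamp {ts.isoformat()} is not after minimum "
                f"{self.timestamp_min.isoformat()}"
            )
        # Timestamp-rcv: handed back to the caller and stored as the new minimum.
        self.timestamp_min = ts
        return kt_kdh["key"], ts.isoformat()


def demo() -> dict:
    """Run both flows on constructed tokens and report what was accepted/rejected."""
    results = {}

    # 2-pass: a token echoing our RT-KRD is accepted, any other is rejected.
    rt_krd = make_rt_krd()
    good = {"kdh_id": "KDH-01", "freshness": rt_krd, "key": b"\x01" * 16}
    stale = {"kdh_id": "KDH-01", "freshness": make_rt_krd(), "key": b"\x02" * 16}
    results["2pass_key"] = receive_2pass(good, rt_krd)
    try:
        receive_2pass(stale, rt_krd)
        results["2pass_stale_rejected"] = False
    except FreshnessError:
        results["2pass_stale_rejected"] = True

    # 1-pass: bootstrap minimum, then one accepted token, then its replay.
    rcv = OnePassReceiver("2024-01-01T00:00:00+00:00")
    token = {"kdh_id": "KDH-01", "freshness": "2024-06-01T12:00:00+00:00", "key": b"\x03" * 16}
    results["1pass_key"], results["1pass_ts_rcv"] = rcv.receive(token)
    try:
        rcv.receive(token)  # same timestamp again: no longer after Timestamp-min
        results["1pass_replay_rejected"] = False
    except FreshnessError:
        results["1pass_replay_rejected"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The caller is responsible for persisting the returned Timestamp-rcv as the next Timestamp-min (as the parameter list implies), since a receiver that keeps restarting from the bootstrap value would accept the same 1-pass token repeatedly.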

This verb can create either the ITU T-REC-X.690-201508 or the ASC X9 TR-34-2012 variant of the SignedAttributes section in the SignerInfo of the token created, for 2-pass or 1-pass services. CSNDT34R has been updated to accept either format of the SignedAttributes token.

Notes:
  1. This verb supports PCI-HSM 2016 compliant-tagged key tokens.
  2. Compliant-tagged AES and DES tokens are exportable using this service. A compliant-tagged RSA private key is required.
  3. The RT-KRD token can be created with correct formatting using the RT-KRD processing of the CSNBRNGL service. See Random Number Generate (CSNBRNG) for more details.
  4. RSA 2048-bit and 3072-bit keys are supported by CCA. This allows strength equivalent to an AES 128-bit key. TR-34 explicitly supports only RSA 2048-bit keys, so some vendors will only support that key size.