Master key verification pattern

Edit online

A master key verification pattern (MKVP) exists within an internal AES, HMAC, or DES key-token that has an encrypted key present. An MKVP also exists within an internal PKA key-token that has an encrypted RSA or ECC private-key present or within an active internal CCA trusted block.

An MKVP permits the cryptographic engine to detect whether the key within the token is enciphered by an available master key. Different internal key-verification-pattern approaches are employed depending on the version of the key token and, for DES key tokens, the value of the symmetric master key. See Master-key verification algorithms and AES internal fixed-length key-token flag byte.

An IBM® cryptographic coprocessor does not permit the introduction of a new master-key value that has the same verification value as either the current master-key or as the old master-key.