Diversify Directed Key (CSNBDDK)
Use the Diversify Directed Key verb to selectively generate and derive a pair of associated keys in connection with a directed key diversification key scheme.
The objective of the concept is to generate and derive a key pair with different key usages from one key diversification key (KDK). Key direction comes into play in that one of the keys is generated and will be used for one direction (that is, encryption, MAC generate, and so forth), while the other key will be derived and will have usage associated with a different direction (decryption, MAC verification, and so forth). This verb provides an option to perform the generate or derive operation.
A structure called a key type vector is provided as input. It is always used as the initialization vector for the diversification process, and it determines for what purpose and how this verb produces the key. For the format of key type vectors, see Key type vectors.
The key generated by this verb is used as a session key. The intention is that the keys of a generated and derived key pair are one-time keys. The key management fields of the output key indicate that the key cannot be exported.
This verb has no Restrictions or Usage notes to document.