Key Export (CSNBKEX)
Use the Key Export verb to re-encipher any type of key (except an IMP-PKA) from encryption under a master key variant to encryption under the same variant of an exporter key-encrypting key. The source key can be a single-length DES key, a double-length Triple- DES key or, beginning with Release 5.4, a triple-length Triple-DES key, and must be in an operational fixed-length DES key-token.
The re-enciphered key can be exported to another system.
If the key to be exported is a DATA key, the Key Export verb generates a key token with the same key length as the input token's key.
This verb supports the no-export bit that the Prohibit Export verb sets in the internal token.
Note: This verb supports PCI-HSM 2016 compliant-tagged key tokens.