Key Import (CSNBKIM)

Edit online

Use the Key Import verb to re-encipher a key from encryption under an importer key-encrypting key to encryption under the master key.

The re-enciphered key is in operational form.

Choose one of the following options:
  • Specify the key_type parameter as TOKEN and specify the external key token in the source_key_identifier parameter. The key type information is determined from the control vector in the external key token.
  • Specify a key type in the key_type parameter and specify an external key token in the source_key_identifier parameter. The specified key type must be compatible with the control vector in the external key token.
  • Specify a valid key type in the key_type parameter and a null key token in the source_key_identifier parameter. The default control vector for the key_type specified will be used to process the key.

For DATA keys, this verb generates a key of the same length as that contained in the input token.

Note: This verb supports PCI-HSM 2016 compliant-tagged key tokens.