Key Part Import2 (CSNBKPI2)

Use the Key Part Import2 verb to combine, by XORing, the clear key parts of any key type and return the combined key value in a variable-length internal key token, in a TR-31 internal key token, or as an update to the key storage file.

Before you use the Key Part Import2 verb for the first key part, you must use the Key Token Build2 verb or the TR31 Key Create verb to create the variable-length internal CCA key token or the internal TR-31 key token into which the key will be imported. Subsequent key parts are combined with the first part in variable-length internal key token form, or as a label from the key storage file.

The preferred way to specify key parts is FIRST, ADD-PART, and COMPLETE in the rule_array. Only when the combined key parts have been marked as complete can the key token be used in any cryptographic operation. The partial key can be passed to the Key Token Change2 verb for re-encipherment, in case building the key was started during a master key change operation. The partial key can be passed to the Key Token Parse verb, in order to discover how the key token was originally specified, if researching an old partial key. Partial keys can also be passed to the Key Test, Key Test2, and Key Test Extended verbs.

Key parts can also be specified as FIRST, MIDDLE, or LAST in the rule_array. ADD-PART or MIDDLE can be executed multiple times for as many key parts as necessary. Only when the LAST part has been combined can the key token be used by any other verb.

New applications should employ the ADD-PART and COMPLETE keywords in lieu of the MIDDLE and LAST keywords in order to ensure a separation of responsibilities between someone who can add key-part information and someone who can declare that appropriate information has been accumulated in a key.

On each call to Key Part Import2 (except with the key_part keyword), specify the number of bits to use for the clear key part. Place the clear key part in the key_part parameter, and specify the number of bits using the key_part_length variable. Any extraneous bits of key_part data are ignored.

Consider using the Key Test2 verb to ensure a correct key value has been accumulated prior to using the COMPLETE option to mark the key as fully operational.
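
The FIRST, ADD-PART, and COMPLETE sequence described above, sketched as a small C model. This is an added example, not IBM code, and it does not call the CCA library. The names `key_token`, `key_part_import` and `key_usable`, the rejection rules, and the choice that the leading bits of key_part are the ones kept are assumptions of the model, and the sample key parts are constructed.

```c
/* Model of the semantics only; this does not call the CCA library.
   Type and function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum rule { FIRST, ADD_PART, COMPLETE };

struct key_token {         /* stands in for the skeleton key token */
    uint8_t value[32];     /* accumulated key (held in clear only in this model) */
    int has_first, complete;
};

/* Returns 0 on success, -1 when the model rejects the call. */
int key_part_import(struct key_token *t, enum rule r,
                    const uint8_t *part, unsigned part_bits)
{
    if (t->complete) return -1;               /* no parts after COMPLETE */
    if (r == COMPLETE) {                      /* carries no key material */
        if (!t->has_first) return -1;
        t->complete = 1;
        return 0;
    }
    if (part_bits == 0 || part_bits > 256) return -1;
    /* FIRST exactly once, and before any ADD_PART (assumed rule) */
    if ((r == FIRST) == (t->has_first != 0)) return -1;
    t->has_first = 1;
    unsigned full = part_bits / 8, rem = part_bits % 8;
    for (unsigned i = 0; i < full; i++) t->value[i] ^= part[i];
    if (rem)                                  /* assumed: leading bits count, rest ignored */
        t->value[full] ^= part[full] & (uint8_t)(0xFF << (8 - rem));
    return 0;
}

/* Other verbs would accept the token only once it is complete. */
int key_usable(const struct key_token *t) { return t->complete; }

int main(void)
{
    /* Constructed sample parts, each known to a different custodian. */
    const uint8_t p1[2] = { 0xA5, 0xFF }, p2[2] = { 0x0F, 0xFF };
    struct key_token t = { {0}, 0, 0 };
    key_part_import(&t, FIRST, p1, 12);       /* low 4 bits of byte 1 ignored */
    key_part_import(&t, ADD_PART, p2, 12);
    printf("usable before COMPLETE: %d\n", key_usable(&t));
    key_part_import(&t, COMPLETE, NULL, 0);   /* done by a separate role */
    printf("key %02X %02X usable %d\n", t.value[0], t.value[1], key_usable(&t));
    return 0;
}
```

Because COMPLETE carries no key material, the role that marks the key operational never needs to hold a key part.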