Transport key variant for fixed-length tokens
Like the master key, the coprocessor creates variations of a transport key to encrypt a key according to its type.
This allows for key separation when a key is transported off the system. A transport key variant, also called key-encrypting key variant, is created the same way a master key variant is created. The transport key's clear value is XORed with a control vector associated with the key type of the key it protects.
Note: To exchange keys with systems that do not recognize
transport key variants, the coprocessor allows you to encrypt selected
keys under a transport key itself, not under the transport key variant.
For more information, see NOCV Importers and Exporters on page NOCV importers and exporters.