Transport key variant for fixed-length tokens

Like the master key, the coprocessor creates variations of a transport key to encrypt a key according to its type.

This allows for key separation when a key is transported off the system. A transport key variant, also called key-encrypting key variant, is created the same way a master key variant is created. The transport key's clear value is XORed with a control vector associated with the key type of the key it protects.

Note: To exchange keys with systems that do not recognize transport key variants, the coprocessor allows you to encrypt selected keys under a transport key itself, not under the transport key variant. For more information, see NOCV Importers and Exporters on page NOCV importers and exporters.