Required commands
The CSNBDKG2 required commands.
The Diversified Key Generate2 verb requires the following commands to be enabled in the active role:
| Rule-array keyword | Offset | Command |
|---|---|---|
| KDFFM-DK | X'02D3' | Diversified Key Generate2 - KDFFM-DK |
| KLEN192 and KLEN256 (Release 4.4 or later) | X'02D4' | Diversified Key Generate2 - Allow length option for KDFFM-DK |
| MK-OPTC | X'02D2' | Diversified Key Generate2 - MK-OPTC |
| SESS-ENC | X'02CC' | Diversified Key Generate2 - SESS-ENC |
An additional command is required when the key usage fields of the key token identified by the generating_key_identifier parameter specify a type of key to diversify of D-ALL (any type of key allowed). In this case, the verb requires the Diversified Key Generate2 - DALL command (offset X'02CD') to be enabled in the active role.
To allow the creation of keys used in the verb Multi-MAC Scheme (CSNBMMS), enable the command Allow CSNBDKG2 to derive keys from AES DKYGENKY keys with MMSAUTH1 attribute (offset X'00D1'). Attribute MMSAUTH2 is not allowed with CSNBDKG2.