Key labels and key-storage management
Use these verbs to manage AES, DES, PKA, and CMB (combined) key storage.
The CCA software manages key storage as an indexed repository of key records. Key storage is accessed by key label, through verbs that take a key-label or key-identifier parameter.
- AES key storage: holds external, internal, and null AES or HMAC key tokens.
- DES key storage: holds external, internal, and null DES key tokens.
- PKA key storage: holds external, internal, and null PKA (ECC, QSA, and RSA) key tokens, and both internal and external public and private PKA key tokens.
- CMB (combined) key storage: holds external, internal, and null AES, HMAC, DES, and PKA (ECC, QSA, and RSA) key tokens.
Private RSA keys are generated and optionally retained within the coprocessor using the PKA Key Generate verb. Depending on the other uses for coprocessor storage, between 75 and 150 keys can normally be retained within the coprocessor.
Key storage must be initialized before any records are created. Before a key token can be stored in key storage, a key-storage record must be created using the AES Key Record Create, DES Key Record Create, PKA Key Record Create, or Combined Key Record Create verb.
Use the AES Key Record Delete, DES Key Record Delete, PKA Key Record Delete, or Combined Key Record Delete verb to delete a key token from a key record, or to entirely delete the key record from key storage.
Use the AES Key Record List, DES Key Record List, PKA Key Record List, or Combined Key Record List verb to determine whether key records exist in key storage. These list verbs create a key-record-list file with information about the selected key records. The wildcard character, represented by an asterisk (*), is used to obtain information about multiple key records at once. The file can be read using conventional workstation-data-management services.
Individual key tokens can be read using the AES Key Record Read, DES Key Record Read, PKA Key Record Read, and Combined Key Record Read verbs or can be written using the AES Key Record Write, DES Key Record Write, PKA Key Record Write, and Combined Key Record Write verbs.
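The record life cycle described above (initialize, create, write, read, list with a wildcard, delete the token or the whole record), as an added, constructed Python model of key storage. It is not the CCA API and does not call it; the class and method names are hypothetical, the byte strings stand in for key tokens, and the model assumes that deleting only the token leaves the record holding a null token.

```python
import re

NULL_TOKEN = b""  # stands in for a CCA null key token: the record exists but holds no key


class KeyStorage:
    """Constructed model of key storage: an indexed repository of key records."""

    def __init__(self):
        self.initialized = False
        self.records = {}  # key label -> key token bytes

    def initialize(self):
        # Key storage must be initialized before any record can be created.
        self.initialized = True
        self.records = {}

    def record_create(self, label):
        # Counterpart of the Key Record Create verbs: a new record holding a null token.
        if not self.initialized:
            raise RuntimeError("key storage is not initialized")
        if label in self.records:
            raise KeyError(f"record already exists: {label}")
        self.records[label] = NULL_TOKEN

    def record_write(self, label, token):
        # Counterpart of Key Record Write: the record must already exist.
        if label not in self.records:
            raise KeyError(f"no key record for label: {label}")
        self.records[label] = token

    def record_read(self, label):
        # Counterpart of Key Record Read; an empty record returns the null token.
        return self.records[label]

    def record_delete(self, label, delete_record=False):
        # Counterpart of Key Record Delete: by default only the token is removed and
        # the record remains with a null token; delete_record=True removes the record.
        if label not in self.records:
            raise KeyError(f"no key record for label: {label}")
        if delete_record:
            del self.records[label]
        else:
            self.records[label] = NULL_TOKEN

    def record_list(self, pattern):
        # Counterpart of Key Record List: '*' matches any run of characters, so one
        # pattern selects several records. Returns sorted (label, holds_key) pairs.
        rx = ".*".join(re.escape(part) for part in pattern.split("*"))
        return sorted((lbl, tok != NULL_TOKEN)
                      for lbl, tok in self.records.items() if re.fullmatch(rx, lbl))
```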