Diversified Key Generate (CSNBDKG)
Use the Diversified Key Generate verb to generate a key based on the key-generating key, the processing method, and the parameter supplied.
The control vector of the key-generating key also determines the type of target key that can be generated.
To use this verb, specify the following:
- The rule_array keyword to select the diversification process.
- The operational key-generating key from which the diversified keys are generated. The control vector associated with this key restricts the use of this key to the key generation process. This control vector also restricts the type of key that can be generated.
- The data and length of data used in the diversification process.
- The generated-key token, which can be an internal token or a skeleton token containing the desired control vector (CV) of the generated key. The CV of the generated key must be one that is permitted by the processing method and the key-generating key. The generated key is returned in this parameter.
- A key generation method keyword.
This verb generates diversified keys as follows:
- Determines if it can support the process specified in the rule_array.
- Recovers the key-generating key and checks the key-generating key class and the specified usage of the key-generating key.
- Determines that the control vector in the generated-key token is permissible for the specified processing method.
- Determines that the control vector in the generated-key token is permitted by the control vector of the key-generating key.
- Determines the required data length from the processing method and the generated-key CV. Validates the data_length.
- Generates the key appropriate to the specific processing method. Adjusts parity of the key to odd. Creates the internal token and returns the generated diversified key.
Note: This verb supports PCI-HSM 2016 compliant-tagged key tokens.
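The "adjusts parity of the key to odd" step above, as an added example (not IBM's code and not part of the CCA API): in a DES key, bit 0 of each byte is a parity bit, so forcing odd parity rewrites only that bit and leaves the seven key bits of each byte unchanged. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Return 1 if the byte contains an odd number of 1 bits. */
static int has_odd_parity(uint8_t b)
{
    b ^= b >> 4;
    b ^= b >> 2;
    b ^= b >> 1;
    return b & 1;
}

/* Force odd parity on every key byte by flipping only bit 0 (the DES
 * parity bit) where needed. Bytes that already comply are untouched. */
void adjust_odd_parity(uint8_t *key, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (!has_odd_parity(key[i]))
            key[i] ^= 0x01;
}

/* Return 1 if every byte of the key has odd parity. */
int key_has_odd_parity(const uint8_t *key, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (!has_odd_parity(key[i]))
            return 0;
    return 1;
}

/* Return 1 if two keys agree on the seven key bits of every byte,
 * i.e. they are the same DES key regardless of parity bits. */
int same_effective_key(const uint8_t *a, const uint8_t *b, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if ((a[i] & 0xFE) != (b[i] & 0xFE))
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample standing in for raw diversification output. */
    uint8_t raw[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xFF};
    uint8_t key[8];
    for (size_t i = 0; i < sizeof key; i++) key[i] = raw[i];
    adjust_odd_parity(key, sizeof key);
    for (size_t i = 0; i < sizeof key; i++) printf("%02X", key[i]);
    printf(" same key: %d\n", same_effective_key(raw, key, sizeof key));
    return 0;
}
```

Because only the parity bits change, a byte-for-byte comparison of a derived value against the returned key can fail even when both represent the same DES key; compare on the effective bits or on parity-adjusted copies.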