Usage notes
Usage notes for CSNBKEX.
- A valid key type in the key_type parameter and an internal key token in the source_key_identifier parameter. The key type must be equivalent to the control vector specified in the internal key token.
- A key_type parameter of TOKEN and an internal key token in the source_key_identifier parameter. The source_key_identifier can be a label with TOKEN only if the label name is unique in the key storage. The key type is extracted from the control vector contained in the internal key token.
- A valid key type in the key_type parameter, and a label in the source_key_identifier parameter.
If internal key tokens are supplied in the source_key_identifier or exporter_key_identifier parameters, the key in one or both tokens can be re-enciphered. This occurs if the master key was changed since the internal key token was last used. The return and reason codes that indicate this do not indicate which key was re-enciphered. Therefore, assume both keys have been re-enciphered.
Existing internal tokens created with key type MACD must be exported with either a TOKEN or DATAM key type. The external CV will be DATAM CV. The MACD key type is not supported.
To export a double-length MAC generation or MAC verification key, it is recommended that a key type of TOKEN be used.
This is a legacy service. It should only be used if you need TR-31 KEKs for legacy key communications. For other actions where you need to export a CCA source key token or an internal TR-31 to a TR-31 output key block, you should use the CSNBT31X service.