Master Key Process (CSNBMKP)
The Master Key Process verb operates on the three master-key registers: new, current, and old.
Use the verb to perform the following services:
- Clear the new master-key register and clear the old master-key register.
- Generate a random master-key value in the new master-key register.
- XOR a clear value as a key part into the new master-key register.
- Set the master key, which transfers the current master-key to the old master-key register, and the new master-key to the current master-key register. It then clears the new master-key register.
To form a master key from key parts in the new master-key register, use the verb several times to complete the following tasks:
- Clear the register, if it is not already clear.
- Load the first key part.
- Load any middle key parts, calling the verb once for each middle key part.
- Load the last key part.
- SET or confirm a master key for which the last key part has been loaded into the new master-key register.
For the SYM-MK, the low-order (rightmost) bit in each byte of the key is used as parity for the remaining bits in the byte. Each byte of the key part must contain an odd number of '1' bits, so the low-order bit must be set to '1' or '0' as needed to make the total number of '1' bits in the byte odd. If this is not the case, a warning is issued. The product maintains odd parity on the accumulated symmetric master-key value.
When the last master key part is entered, this additional processing is performed:
- If any two of the 8-byte parts of the new master-key have the same value, a warning is issued. Do not ignore this warning. Do not use a key with this property.
- If any of the 8-byte parts of the new master-key compares equal to one of the weak DES-keys, the verb fails with return code 8, reason code 703. See Questionable DES keys for a list of these weak keys. A parity-adjusted version of the asymmetric master-key is used to look for weak keys.
If an AES, DES or PKA key storage exists, the header record of each key storage is updated with the verification pattern of the new, current master key.
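The parity rule for SYM-MK key parts and the equal-parts check described above can be applied to key parts before they are loaded. The following C code is an added example, not IBM's code and not part of the CCA API: the function names, the warning flags, the 24-byte key length, the order of the parity adjustment and the comparison, and the sample key parts are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MK_LEN 24          /* assumption: 24-byte SYM-MK, three 8-byte parts */
#define WARN_PARITY 1      /* hypothetical flag: a key-part byte had even parity */
#define WARN_EQUAL_PARTS 2 /* hypothetical flag: two 8-byte parts are identical */

/* 1 if the byte has an odd number of '1' bits, else 0. */
static int odd_parity(uint8_t b) {
    b ^= b >> 4; b ^= b >> 2; b ^= b >> 1; return b & 1;
}

/* Flip the low-order bit of each even-parity byte; returns bytes changed. */
int adjust_odd_parity(uint8_t *key, size_t len) {
    int changed = 0;
    for (size_t i = 0; i < len; i++)
        if (!odd_parity(key[i])) { key[i] ^= 0x01; changed++; }
    return changed;
}

/* 1 if any two 8-byte parts of the key have the same value. */
int has_equal_parts(const uint8_t *key, size_t len) {
    for (size_t i = 0; i + 8 <= len; i += 8)
        for (size_t j = i + 8; j + 8 <= len; j += 8)
            if (memcmp(key + i, key + j, 8) == 0) return 1;
    return 0;
}

/* XOR n key parts (stored back to back) into a cleared buffer, keep odd
   parity on the result, and flag the conditions the page says raise warnings. */
int combine_key_parts(const uint8_t *parts, size_t n, uint8_t out[MK_LEN]) {
    int flags = 0;
    memset(out, 0, MK_LEN);
    for (size_t i = 0; i < n * MK_LEN; i++) {
        if (!odd_parity(parts[i])) flags |= WARN_PARITY;
        out[i % MK_LEN] ^= parts[i];
    }
    adjust_odd_parity(out, MK_LEN);  /* assumption: adjusted before comparing parts */
    if (has_equal_parts(out, MK_LEN)) flags |= WARN_EQUAL_PARTS;
    return flags;
}

int main(void) {
    uint8_t parts[2 * MK_LEN], mk[MK_LEN];  /* constructed sample parts, not real keys */
    for (int i = 0; i < MK_LEN; i++) { parts[i] = 0x01 << (i / 8); parts[MK_LEN + i] = 0x10 << (i / 8); }
    int flags = combine_key_parts(parts, 2, mk);
    printf("flags=%d mk=%02x.. %02x.. %02x..\n", flags, mk[0], mk[8], mk[16]);
    return 0;
}
```

When an even number of odd-parity key parts are XORed together, every resulting byte has even parity, which is why the accumulated value needs its own parity adjustment even when each part passed the check.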