Usage notes
The usage notes for CSNDT34C.
This service is used to perform these operations:
- BINDKRDC: The TR34 BIND token (CT-KRD) CREATE service creates the TR-34 token that contains Cred-KRD that is needed by the KDH.
  - CredKRD: (INPUT, cred_krd). KRD credential (X.509 certificate) with ID and public key.
  - CT-KRD: (OUTPUT, output_token). Credential token for KRD, containing Cred-KRD in DER format.
- BINDRV: The TR34 BIND token (CT-KDH) RECEIVE service processes the BIND request on the KRD.
  - CT-KDH token: (INPUT, input_token). BIND token received from KDH.
  - CredKDH: (OUTPUT, output_token). Credential (X.509 certificate) for the KDH, in DER format; it needs to be stored in the KRD.
- UNBINDRV: The TR34 UNBIND token (UBT-KDH) RECEIVE service processes the UNBIND request on the KRD.
  - UBT-KDH token: (INPUT, input_token). UNBIND token received from KDH.
  - CredKDH: (INPUT, cred_kdh). KDH credential (X.509 certificate) with ID and public key.
  - CredKRD: (INPUT, cred_krd). KRD credential (X.509 certificate) with ID and public key.
  - RT-KRD: (INPUT, random_number_token). Token originally sent by the KRD to the KDH and now used for validation.
  - <validity>: (OUTPUT, return/reason code). UBT-KDH – is – valid.
- REBINDRV: The TR34 REBIND token (RBT-KDH) RECEIVE service processes the REBIND request on the KRD.
  - RBT-KDH: (INPUT, input_token). REBIND token received from KDH.
  - CredKDH: (INPUT, cred_kdh). Old KDH credential (X.509 certificate) with ID and public key.
  - CredKRD: (INPUT, cred_krd). KRD credential (X.509 certificate) with ID and public key.
  - RT-KRD: (INPUT, random_number_token). Token originally sent by the KRD to the KDH and now used for validation.
  - <validity>: (OUTPUT, return/reason code). RBT-KDH – is – valid.
  - Cred-KDH-NEW: (OUTPUT, output_token). New KRD credential (X.509 certificate), in DER format; it needs to be stored in the KRD.
Notes:
- The RT-KRD token can be created with correct formatting using the RT-KRD processing of the CSNBRNGL service. See Random Number Generate (CSNBRNG) for more details.
- RSA 2048-bit and 3072-bit keys will be supported by CCA. This allows strength equivalent to an AES 128-bit key. TR-34 explicitly supports only RSA 2048-bit keys, so some vendors will only support that key size.