Required commands

The access control points of CSNDT34R.

This verb requires the following commands to be enabled in the active role:

Access control points for TR-34 Key Receive

Rule array keyword Offset Command
2PASSRCV X'01FD' TR-34 Key Receive - allow 2PASSRCV
1PASSRCV X'01FE' TR-34 Key Receive - allow 1PASSRCV
PKI-NONE X'01FF' Permit X.509 without PKI root validation
CRLEXPAL X'003D' TR-34 - Allow expired CRL

When key wrapping method keyword specifies a wrapping method that is not the default method, the TR-34 Key Receive – Allow wrapping override keywords access control must be enabled.

Table 1. Valid TR-34 to CCA import translations and required access controls

Valid TR-34 to CCA import translations and required access controls. This table contains columns for Rule array keyword, Access control name, Offset (hex), and Specific key type and control vector attributes and a row for "K0" and "K1": TR-31 key encryption or wrapping, or key block protection keys.

Rule array keyword Command Offset Specific key type and control vector attributes
"K0" and "K1": TR-31 key encryption or wrapping, or key block protection keys
N/A TR-34 Key Receive - permit DES EXPORTER X'0248' See Table 2.
TR-34 Key Receive - permit DES IMPORTER X'0249'
N/A TR-34 Key Receive - permit AES EXPORTER X'024A' See Table 3.
TR-34 Key Receive - permit AES IMPORTER X'024B'
TR-34 Key Receive - permit AES EXPORTER with EXPTT31D X'024C'
TR-34 Key Receive - permit AES IMPORTER with IMPTT31D X'024D'