In these situations, the Enterprise PKCS #11 coprocessor
clears the master key registers so that the master key values are
not disclosed: - If the coprocessor detects tampering (the intrusion latch
is tripped), ALL installation data is cleared: master keys and (optionally)
all installed administrators.
- If the coprocessor detects tampering (the secure boundary
of the card is compromised), it self-destructs and can no longer be
used.
- If you issue a command from the TKE workstation to zeroize a domain
or the entire cryptographic feature.
- If you issue a command from the Support Element panel to zeroize
the entire crypto module.
Although the values of the master keys are cleared, the secure
keys in the TKDS are still enciphered under the cleared P11 master
key. Therefore, to recover these secure keys, you must reenter the
same master keys and activate the P11-MK. For security reasons, you
may then want to change all the master keys.