Use the ICSF panels to display the coprocessor role for the coprocessor.
All the access control points enabled will be listed.
- Select option 1, COPROCESSOR MGMT, on the ICSF Primary Menu panel.
- The Coprocessor Management panel appears. Refer to Figure 1.
Figure 1. Coprocessor Management Panel CSFGCMPOO ---------------- ICSF Coprocessor Management -------- Row 1 to 7 of 7
COMMAND ===>
Select the cryptographic features to be processed and press ENTER.
Action characters are: A, D, E, K, R, and S. See the help panel for details.
CRYPTO SERIAL
FEATURE NUMBER STATUS AES DES ECC RSA P11
------- -------- --------------–---- --- --- --- --- ---
. 4C00 16BA6173 Active I A A A
. 4C01 16BA6174 Master key incorrect I A C E
. 4C02 16BA6175 Master key incorrect I A C E
. 4A03 N/A Active
. 4C04 16BA6199 Deactivated
. 4P05 16BA6200 Active A
. 4P06 16BA6201 Master key incorrect U
******************************* Bottom of data ********************************
- Select the desired coprocessor by entering an 'R' to
the left of the coprocessor. Press enter and the Status Display panel
appears (Figure 2).
Figure 2. CCA Coprocessor Role Display
panelAccess Control Manager - Read role
Authorize UDX
AES Master Key - Clear new master key register
AES Master Key - Combine key parts
AES Master Key - Load first key part
AES Master Key - Set master key
Clear Key Import/Multiple Clear Key Import - DES
Clear PIN Encrypt
Clear PIN Generate - GBP
Clear PIN Generate - Interbank
Clear PIN Generate - VISA PVV
Clear PIN Generate - 3624
Clear PIN Generate Alternate - VISA PVV
Clear PIN Generate Alternate - 3624 Offset
Control Vector Translate
Cryptographic Variable Encipher
CKDS Conversion2 - Allow use of REFORMAT
CKDS Conversion2 - Allow wrapping override keywords
CKDS Conversion2 - Convert from enhanced to original
CVV Key Combine
CVV Key Combine - Allow wrapping override keywords
CVV Key Combine - Permit mixed key types
Data Key Export
Data Key Export - Unrestricted
Data Key Import
Data Key Import - Unrestricted
Decipher - DES
Digital Signature Generate
Digital Signature Verify
Diversified Key Generate - Allow wrapping override keywords
Diversified Key Generate - CLR8-ENC
Diversified Key Generate - Single length or same halves
Diversified Key Generate - SESS-XOR
Diversified Key Generate - TDES-DEC
Diversified Key Generate - TDES-ENC
Diversified Key Generate - TDES-XOR
Diversified Key Generate - TDESEMV2/TDESEMV4
DATAM Key Management Control
DES Master Key - Clear new master key register
DES Master Key - Combine key parts
DES Master Key - Load first key part
DES Master Key - Set master key Encipher - DES
Encrypted PIN Generate - GBP
Encrypted PIN Generate - Interbank
Encrypted PIN Generate - 3624
Encrypted PIN Translate - Reformat
Figure 3. CCA Coprocessor Role Display panel
- part 2Encrypted PIN Translate - Translate
Encrypted PIN Verify - GBP
Encrypted PIN Verify - Interbank
Encrypted PIN Verify - VISA PVV
Encrypted PIN Verify - 3624
ECC Diffie-Hellman
ECC Diffie-Hellman - Allow key wrap override
ECC Diffie-Hellman - Allow BP Curve 160
ECC Diffie-Hellman - Allow BP Curve 192
ECC Diffie-Hellman - Allow BP Curve 224
ECC Diffie-Hellman - Allow BP Curve 256
ECC Diffie-Hellman - Allow BP Curve 320
ECC Diffie-Hellman - Allow BP Curve 384
ECC Diffie-Hellman - Allow BP Curve 512
ECC Diffie-Hellman - Allow Prime Curve 192
ECC Diffie-Hellman - Allow Prime Curve 224
ECC Diffie-Hellman - Allow Prime Curve 256
ECC Diffie-Hellman - Allow Prime Curve 384
ECC Diffie-Hellman - Allow Prime Curve 521
ECC Diffie-Hellman - Allow PASSTHRU
ECC Master Key - Clear new master key register
ECC Master Key - Combine key parts
ECC Master Key - Load first key part
ECC Master Key - Set master key
HMAC Generate - SHA-1
HMAC Generate - SHA-224
HMAC Generate - SHA-256
HMAC Generate - SHA-384
HMAC Generate - SHA-512
HMAC Verify - SHA-1
HMAC Verify - SHA-224
HMAC Verify - SHA-256
HMAC Verify - SHA-384
HMAC Verify - SHA-512
Key Export
Key Export - Unrestricted
Key Generate - Key set
Key Generate - Key set extended
Key Generate - OP
Key Generate - SINGLE-R
Key Generate2 - Key set
Key Generate2 - OP
Key Import
Key Import - Unrestricted
Key Part Import - first key part
Key Part Import - middle and last
Key Part Import - Allow wrapping override keywords
Key Part Import - ADD-PART
Key Part Import - COMPLETE
Key Part Import - Unrestricted
Key Part Import2 - Add last required key part
Key Part Import2 - Add optional key part
Key Part Import2 - Add second of 3 or more key parts
Key Part Import2 - Complete key
Key Part Import2 - Load first key part, require 1 key parts
Key Part Import2 - Load first key part, require 2 key parts
Key Part Import2 - Load first key part, require 3 key parts
Key Test and Key Test2
Key Test2 - AES, ENC-ZERO
Key Translate
Key Translate2
Key Translate2 - Allow use of REFORMAT
Key Translate2 - Allow wrapping override keywords
Multiple Clear Key Import - Allow wrapping override keywords
Multiple Clear Key Import/Multiple Secure Key Import - AES
Multiple Secure Key Import - Allow wrapping override keywords
MAC Generate
MAC Verify
Figure 4. CCA Coprocessor Role Display
panel – part 3NOCV KEK usage for export-related functions
NOCV KEK usage for import-related functions
Operational Key Load
Prohibit Export
Prohibit Export Extended
PCF CKDS conversion utility
PCF CKDS Conversion - Allow wrapping override keywords
PIN Change/Unblock - change EMV PIN with IPINENC
PIN Change/Unblock - change EMV PIN with OPINENC
PKA Decrypt
PKA Encrypt
PKA Key Generate
PKA Key Generate - Clear ECC keys
PKA Key Generate - Clear RSA keys
PKA Key Generate - Clone
PKA Key Generate - Permit Regeneration Data
PKA Key Generate - Permit Regeneration Data Retain
PKA Key Import
PKA Key Import - Import an external trusted block
PKA Key Token Change RTCMK
PKA Key Translate - from source EXP KEK to target EXP KEK
PKA Key Translate - from source IMP KEK to target EXP KEK
PKA Key Translate - from source IMP KEK to target IMP KEK
PKA Key Translate - from CCA RSA to SC CRT Format
PKA Key Translate - from CCA RSA to SC ME Format
PKA Key Translate - from CCA RSA to SC Visa Format
Reencipher CKDS2
Reencipher CKDS
Reencipher PKDS
Remote Key Export - Gen or export a non-CCA node key
Restrict Key Attribute - Export Control
Restrict Key Attribute - Permit setting the TR-31 export bit
Retained Key Delete
Retained Key List
RSA Master Key - Clear new master key register
RSA Master Key - Combine key parts
RSA Master Key - Load first key part
RSA Master Key - Set master key
Secure Key Import - DES,IM
Secure Key Import - DES,OP
Secure Key Import2 - IM
Secure Key Import2 - OP
Secure Messaging for Keys
Secure Messaging for PINs
Symmetric token wrapping - external enhanced method
Symmetric token wrapping - external original method
Symmetric token wrapping - internal enhanced method
Symmetric token wrapping - internal original method
Symmetric Algorithm Decipher - secure AES keys
Symmetric Algorithm Encipher - secure AES keys
Symmetric Key Encipher/Decipher - Encrypted AES keys
Symmetric Key Encipher/Decipher - Encrypted DES keys
Symmetric Key Export - AES, PKCSOAEP, PKCS-1.2
Symmetric Key Export - AES, ZERO-PAD
Symmetric Key Export - AES,PKOAEP2
Symmetric Key Export - AESKW
Symmetric Key Export - DES, PKCS-1.2
Symmetric Key Export - DES, ZERO-PAD
Symmetric Key Export - HMAC,PKOAEP2
Figure 5. CCA Coprocessor Role Display
panel – part 4Symmetric Key Generate - Allow wrapping override keywords
Symmetric Key Generate - AES, PKCSOAEP, PKCS-1.2
Symmetric Key Generate - AES, ZERO-PAD
Symmetric Key Generate - DES, PKA92
Symmetric Key Generate - DES, PKCS-1.2
Symmetric Key Generate - DES, ZERO-PAD
Symmetric Key Import - Allow wrapping override keywords
Symmetric Key Import - AES, PKCSOAEP, PKCS-1.2
Symmetric Key Import - AES, ZERO-PAD
Symmetric Key Import - DES, PKA92 KEK
Symmetric Key Import - DES, PKCS-1.2
Symmetric Key Import - DES, ZERO-PAD
Symmetric Key Import2 - AES,PKOAEP2
Symmetric Key Import2 - AESKW
Symmetric Key Import2 - HMAC,PKOAEP2
Symmetric Key Token Change - RTCMK
Symmetric Key Token Change2 - RTCMK
SET Block Compose
SET Block Decompose
SET Block Decompose - PIN Extension IPINENC
SET Block Decompose - PIN Extension OPINENC
Transaction Validation - Generate
Transaction Validation - Verify CSC-3
Transaction Validation - Verify CSC-4
Transaction Validation - Verify CSC-5
Trusted Block Create - Activate an inactive block
Trusted Block Create - Create Block in inactive form
TR31 Export - Permit any CCA key if INCL-CV is specified
TR31 Export - Permit version A TR-31 key blocks
TR31 Export - Permit version B TR-31 key blocks
TR31 Export - Permit version C TR-31 key blocks
TR31 Export - Permit DATA to C0:G/C
TR31 Export - Permit DATA to D0:B
TR31 Export - Permit DKYGENKY:DKYL0+DALL to E4
TR31 Export - Permit DKYGENKY:DKYL0+DALL to E5
TR31 Export - Permit DKYGENKY:DKYL0+DDATA to E4
TR31 Export - Permit ENCIPHER/DECIPHER/CIPHER to D0:E/D/B
TR31 Export - Permit IPINENC to P0:D
TR31 Export - Permit KEYGENKY:UKPT to B0
TR31 Export - Permit MAC/DATA/DATAM to M1:G/C
TR31 Export - Permit MAC/DATA/DATAM to M3:G/C
TR31 Export - Permit MAC/MACVER:ANY-MAC to C0:G/C/V
TR31 Export - Permit MACVER/DATAMV to M0:V
TR31 Export - Permit MACVER/DATAMV to M1:V
TR31 Export - Permit MACVER/DATAMV to M3:V
TR31 Export - Permit OPINENC to P0:E
TR31 Export - Permit PINGEN:NO-SPEC/IBM-PIN/IBM-PINO to V1
TR31 Export - Permit PINGEN:NO-SPEC/VISA-PVV to V2
TR31 Export - Permit PINVER:NO-SPEC/IBM-PIN/IBM-PINO to V1
TR31 Export - Permit PINVER:NO-SPEC/VISA-PVV to V2
TR31 Import - Permit override of default wrapping method
TR31 Import - Permit version A TR-31 key blocks
TR31 Import - Permit version B TR-31 key blocks
TR31 Import - Permit version C TR-31 key blocks
TR31 Import - Permit E4 to DKYGENKY:DKYL0+DDATA
TR31 Import - Permit M0/M1/M3 to MAC/MACVER:ANY-MAC
TR31 Import - Permit P0:D to IPINENC
TR31 Import - Permit P0:E to OPINENC
TR31 Import - Permit V1 to PINGEN:IBM-PIN/IBM-PINO
TR31 Import - Permit V1 to PINVER:IBM-PIN/IBM-PINO
TR31 Import - Permit V2 to PINGEN:VISA-PVV
TR31 Import - Permit V2 to PINVER:VISA-PVV
UKPT - PIN Verify, PIN Translate
VISA CVV Generate
VISA CVV Verify