Steps for generating a checksum, verification pattern, or hash pattern for a key part

You can use the Utilities panel to generate a checksum and either an optional verification pattern or an optional hash pattern for a key part. You can use this panel to generate a checksum for a key part even if ICSF has not been initialized.

Note: The use of the Utilities panel to generate the key part, the checksum, and the verification pattern exposes the key part in storage for the duration of the dialogs. For this reason, you can choose to calculate both the checksum, the verification pattern or the hash pattern values manually or by using a PC program. See Checksum Algorithm for a description of the checksum algorithm. See Algorithm for calculating a verification pattern for a description of the algorithm for the verification pattern. See The MDC–4 Algorithm for Generating Hash Patterns for a description of the MDC-4 algorithm that is used to calculate a hash pattern for a key part. The use of the verification pattern or hash pattern is optional.
Follow these steps to generate the checksum and the optional verification pattern or hash pattern for a key part.
  1. Select option 4, CHECKSUM, on the ICSF Utilities panel as shown in Figure 1.
    Figure 1. Selecting the Checksum Option on the ICSF Utilities Panel
     CSFUTL00 ---------------- ICSF - Utilities -------------------------
 OPTION ===> 4


 Enter the number of the desired option above.

   1  ENCODE        -  Encode data
   2  DECODE        -  Decode data
   3  RANDOM        -  Generate a random number
   4  CHECKSUM      -  Generate a checksum and verification and
                       hash patterns
   5  PPKEYS        -  Generate master key values from a pass phrase  
   6  PKDSKEYS      -  Manage keys in the PKDS

    The Checksum and Verification and Hash Pattern panel appears. See Figure 2.

    Figure 2. ICSF Checksum and Verification and Hash Pattern Panel
     CSFMKV00 ------------ ICSF - Checksum and Verification and Hash Pattern -----
 COMMAND ===>


 Enter data below:

  Key Type      ===>                   (Selection panel displayed if blank)

  Key Value     ===> 51ED9CFA90716CFB  Input key value 1
                ===> 58403BFA02BD13E8  Input key value 2
                ===> 9B28AEFA8C47760F  Input key value 3 (AES & ECC & RSA Keys)
                ===> 8453313235ABF69C  Input key value 4 (AES & ECC Keys only)   


  Checksum         : 00                Check digit for key value
  Key Part VP      : 0000000000000000  Verification Pattern
  Key Part HP      : 0000000000000000  Hash Pattern
                   : 0000000000000000

    If you accessed the Random Number Generator panel prior to this panel, the random numbers that are generated appear automatically in the Key Value fields.

  2. If you did not use the Random Number Generator panel to generate random numbers, enter the numbers for which you want to create checksum, verification pattern, or hash patterns into the key value fields. Because these will be the key part values you will specify in the Master Key Entry panels, make sure you record the numbers.
  3. In the Key Type field, specify either:
    • MASTER or DES-MK to generate a checksum, hash, and verification pattern for a 16-byte DES master key part.
    • DES24-MK to generate a checksum, hash, and verification pattern for a 24-byte DES master key part.
    • AES-MK to generate a checksum and verification pattern for an AES master key part.
    • RSA-MK or PKAMSTR to generate a checksum and verification pattern for an RSA master key part.
    • ECC-MK to generate a checksum and verification pattern for an ECC master key part.

    If you leave the Key Type field blank and press ENTER, the Key Type Selection panel appears. See Figure 3.

    Figure 3. Key Type Selection Panel Displayed During Hardware Key Entry
     CSFMKV10 ------------- ICSF - Key Type Selection Panel ---- ROW 1 to 9 OF 9
 COMMAND ===>                                               SCROLL ===> PAGE

 Select one key type only
     KEY TYPE      DESCRIPTION
     AES-MK        AES Master Key                  
     ASYM-MK       Asymmetric Master key           
     DES-MK        DES Master key (16-byte)        
     DES24-MK      DES Master key (24-byte)        
     ECC-MK        ECC Master key                  
     EXPORTER      Export key encrypting key       
     IMP-PKA       Limited Authority Importer key  
     IMPORTER      Import key encrypting key       
     IPINENC       Input PIN encrypting key        
     OPINENC       Output PIN encrypting key       
     PINGEN        PIN generation key              
     PINVER        PIN verification key            
     RSA-MK        RSA Master key                  
 ***************************** BOTTOM OF DATA *****************************
  4. Type 'S' to the left of the DES-MK key type, and press ENTER to return to the Checksum and Verification Pattern panel as shown in Figure 4.

    In this example, we have selected the DES-MK master key.

    Figure 4. ICSF Checksum and Verification Pattern Panel
     CSFMKV00 ------ ICSF - Checksum and Verification and Hash Pattern ---
 COMMAND ===>


 Enter data below:

Key Type      ===> MASTER            (Selection panel displayed if blank)

   Key Value     ===> 51ED9CFA90716CFB  Input key value 1
                 ===> 58403BFA02BD13E8  Input key value 2
                 ===> 0000000000000000  Input key value 3 (AES & ECC & RSA Keys)
                 ===> 0000000000000000  Input key value 4 (AES & ECC Keys only)

   Checksum         : 40                   Check digit for key part
   Key Part VP      : 0CCE190A635A6C89  Verification Pattern
   Key Part HP      : EA58E51179754FB7  Hash Pattern
                    : C102957465CE479E
  5. Record the checksum, verification pattern, and hash pattern.

    Save these values in a secure place along with the key part values in case of a tamper. If the cryptographic feature detects tampering, it clears the master key, and you have to reenter the same master key again.

  6. Press END to return to the Utilities panel.
  7. Press END again to return to the ICSF Primary menu.
Continue with the appropriate topic for steps to enter the master key part you have just generated.
Parent topic: Generating master key data for master key entry