Algorithm for calculating a verification pattern

To enter a master key or operational key manually, you enter key parts. When you enter a key part, ICSF displays a verification pattern for that key part on a panel. To verify that you entered the key part correctly, you can use the value of the key part you enter to calculate the verification pattern. Check that the verification pattern you calculate matches the verification ICSF calculates.

To calculate this verification pattern for DES operational keys and the 16-byte DES master key, use this algorithm:
  1. If the key part is an operational key part, exclusive OR the key part with the control vector for the key part's key type. See Control Vector Table, for a listing of control vectors by key type. If the key part is a master key part, do not exclusive OR it with a control vector.
  2. Use the DES algorithm to encrypt the left half of the key part (either master key part or modified operational key part) under the key 4545 4545 4545 4545.
  3. Exclusive OR the result of step 2 with the left half of the key part.
  4. Use the result of step 3 as the DES key in the DES algorithm to encrypt the right half of the key part.
  5. Exclusive OR the result of step 4 with the right half of the key part.
The resulting 64-bit value is the verification pattern.
To calculate this verification pattern for the 24-byte DES master key, use this algorithm:
  1. Appending X'01' to the clear key value of 24-byte master key (01 || key value)
  2. Generating the SHA-1 hash of the 25-byte string

The first eight bytes of the hash is the verification pattern.

The verification pattern for the master key appears on the Coprocessor Selection and Hardware Status panels. If a master key register is full, the panels display the master key verification pattern. The verification patterns for two identical master keys are the same. You can use the verification patterns to verify that master keys in two different key storage units are the same.

ICSF records a master key verification pattern in the SMF record when you enter a master key part or activate a master key. The ICSF SMF record also records a verification pattern when you enter an operational key part.