If you want to enter more than two key parts, you must enter one
or more intermediate key parts. Enter intermediate key parts after
you enter the first key part and prior to entering the final one.
To enter intermediate master key parts:
- Select option 1, COPROCESSOR MGMT, on the ICSF Primary menu
and press ENTER.
The Coprocessor Management panel appears.
- Select the coprocessor(s) to be processed by entering an 'E'
on the Coprocessor Management panel. Select the same coprocessors
that were selected when entering the first key value.
- When pressing ENTER, the Master Key Entry panel appears (Figure 89).
Figure 89. The Master Key Entry Panel for Intermediate Key Values
CSFDKE50 -------------- ICSF - Master Key Entry ---------
COMMAND ===>
AES new master key register : EMPTY
DES new master key register : PART FULL
ECC new master key register : EMPTY
RSA new master key register : EMPTY
Specify information below
Key Type ===> DES-MK (AES-MK, DES-MK, ECC-MK, RSA-MK)
Part ===> MIDDLE (RESET, FIRST, MIDDLE, FINAL)
Checksum ===> 58
Key Value ===> 12021945CADE8431
===> 04091939BABE9632
===> 0000000000000000 (AES-MK, ECC-MK and RSA-MK only)
===> 0000000000000000 (AES-MK, ECC-MK only)
Press ENTER to process.
Press END to exit to the previous menu.
- Fill in the panel
- Enter the master key type in the Key Type field.
In this example
we are continuing to enter the DES-MK master key.
- Enter MIDDLE in the Part field.
- Enter the two-digit checksum and the two 16-digit key values (if
you did not use random number generate).
- Make sure you have recorded the two 16-digit key values.
You may need to reenter these same values at a later date to restore
master key values that have been cleared. Make sure
all master key parts you enter are recorded and saved in a secure
location.
- When all the fields are complete, press ENTER.
If
the checksum entered in the checksum field matches the checksum that
the master key entry utility calculated, the key part is accepted.
The message at the top of the panel states KEY PART LOADED,
as shown in Figure 90. The new master key register status
changes to PART FULL. The verification pattern and hash pattern that
are calculated for the key part appear near the bottom of the panel.
Compare
them with the patterns generated by the random number generator or
provided by the person who gave you the key part value to enter.
- Record the verification pattern and hash pattern.
Figure 90. The Master Key Entry Panel with Intermediate Key Values
CSFDKE50 -------------- ICSF - Master Key Entry --------KEY PART LOADED-
COMMAND ===>
AES new master key register : EMPTY
DES new master key register : PART FULL
ECC new master key register : EMPTY
RSA new master key register : EMPTY
Specify information below
Key Type ===> ___ (AES-MK, DES-MK, ECC-MK, RSA-MK)
Part ===> ______ (RESET, FIRST, MIDDLE, FINAL)
Checksum ===> 00
Key Value ===> 0000000000000000
===> 0000000000000000
===> 0000000000000000 (AES-MK, ECC-MK and RSA-MK only)
===> 0000000000000000 (AES-MK, ECC-MK only)
Press ENTER to process.
Press END to exit to the previous menu.
- If the checksums do not match, the message Invalid Checksum appears.
If this occurs, follow this sequence to resolve the problem:
- Reenter the checksum.
- If you still get a checksum error, recalculate the checksum.
- If your calculations result in a different value for the checksum,
enter the new value.
- If your calculations result in the same value for the checksum,
or if a new checksum value does not resolve the error, reenter the
key part halves and checksum.
When you have entered the middle key part successfully, continue
with:
|