Parts — Loading a new master key from clear key parts

To load new master key parts into the TKE workstation crypto adapter, load the first key part, any middle key parts, and the last key part into the new master key register, and then load the new master key. The first and last key parts are required. Middle key parts are optional; you can load multiple middle key parts.
  1. From the Master Key –> DES/PKA Master Key or Master Key –> AES Master Key pull-down menu items, select the Parts menu option.

    The Load Master Key panel is displayed.

    Figure 1. Load Master Key from Clear Parts
  2. Select the radio button corresponding to the key part you are loading (First Part, Middle Part or Last Part).
  3. Enter the clear key part by doing one of the following:
    • Select New to clear data entered in error.
    • Select Open... to retrieve key parts saved to disk.
    • Select Generate to have the TKE workstation crypto adapter randomly generate a key part.
    • Manually enter a key value into the "Master Key Part" fields. Each field accepts four hexadecimal digits.
    Figure 2. Load Master Key from Clear Parts — key part randomly generated
  4. Select Load to load the key part into the new master key register, and select Save to save the key part to disk.
    Attention: Do not remove a USB flash memory drive from the USB port before you complete the operation that is using the drive, or before you respond to a message related to the operation that is using the drive. If you do remove a drive before the operation is complete, hardware messages might be generated on the TKE workstation.
    Figure 3. Load Master Key from Clear Parts — key part successfully loaded
    Note: Key parts saved to disk are not enciphered.
  5. Repeat the preceding steps to load the remaining key parts into the new master key register.
  6. From the Master Key pull-down menu, select Set... This will do the following:
    1. Transfer the key in the current master key register to the old master key register and delete the former old master key.
    2. Transfer the key in the new master key register to the current master key register.

After setting a new master key, reencipher the keys currently in key storage. (Refer to Reenciphering key storage.)

We recommend a dual control security policy. With a dual control security policy, the first and last key parts are loaded by different people.
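
The following Python sketch is an added illustration, not TKE or IBM code: it models the part-loading steps, the register transfers performed by Set, and a dual control load in which two people each supply one part. Assumptions not stated on this page: key parts are combined in the new master key register by exclusive-OR, the key is 32 bytes long, Set is refused until a last part has been loaded, and all class and function names are hypothetical.

```python
import secrets
KEY_LEN = 32  # bytes; assumed AES master key length, not stated on the page

def parse_fields(fields):
    """Join "Master Key Part" fields; each must hold exactly four hex digits."""
    for f in fields:
        if len(f) != 4 or any(c not in "0123456789abcdefABCDEF" for c in f):
            raise ValueError(f"field {f!r} is not four hexadecimal digits")
    part = bytes.fromhex("".join(fields))
    if len(part) != KEY_LEN:
        raise ValueError("wrong number of fields for this key length")
    return part

class MasterKeyRegisters:
    """Hypothetical model of the new / current / old master key registers."""
    def __init__(self, current=None, old=None):
        self.new, self.current, self.old = None, current, old
        self.new_full = False  # becomes True once the last part is loaded

    def load_part(self, kind, part):
        if kind == "first":
            if self.new is not None:
                raise RuntimeError("new master key register is not empty")
            self.new = part
        elif kind in ("middle", "last"):
            if self.new is None or self.new_full:
                raise RuntimeError("a first part must be loaded before this part")
            # Assumption: parts are combined by XOR in the register.
            self.new = bytes(a ^ b for a, b in zip(self.new, part))
            self.new_full = kind == "last"
        else:
            raise ValueError(f"unknown key part type {kind!r}")

    def set_master_key(self):
        """The Set step: current -> old (former old is dropped), new -> current."""
        if not self.new_full:
            raise RuntimeError("first and last key parts are both required")
        self.old, self.current = self.current, self.new
        self.new, self.new_full = None, False

def dual_control_demo():
    regs = MasterKeyRegisters(current=b"\x11" * KEY_LEN, old=b"\x22" * KEY_LEN)
    first = secrets.token_bytes(KEY_LEN)  # generated by the first person
    last = secrets.token_bytes(KEY_LEN)   # generated by a different person
    fields = [first.hex()[i:i + 4] for i in range(0, 2 * KEY_LEN, 4)]
    regs.load_part("first", parse_fields(fields))  # typed in field by field
    regs.load_part("last", last)
    regs.set_master_key()
    return regs, first, last
```

Under the XOR assumption, a randomly generated part on its own carries no information about the resulting master key, so a part file saved to disk in the clear exposes the key only if all parts can be collected by one party.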