To load new master key parts into the TKE workstation crypto adapter,
load the first key part, any middle key parts, and the last key part
into the new master key register, and then load the new master key.
The first and last key parts are required. Middle key parts are
optional; you can load multiple middle key parts.
- From the Master Key –> DES/PKA Master Key or Master
Key –> AES Master Key pull-down menu items, select the Parts menu
option.
The Load Master Key panel is displayed.
Figure 1. Load Master Key from Clear Parts
- Select the radio button corresponding to the key part you are
loading (First Part, Middle Part or Last Part).
- Enter the clear key part by doing one of the following:
- Select New to clear data entered in error.
- Select Open... to retrieve key parts saved to disk.
- Select Generate to have the TKE workstation crypto adapter
randomly generate a key part.
- Manually enter a key value into the "Master Key Part" fields.
Each field accepts four hexadecimal digits.
Figure 2. Load Master Key from Clear Parts
— key part randomly generated
- Select Load to load the key part into the new master key
register, and select Save to save the key part to disk.
Attention : Do not remove a USB flash memory
drive from the USB port before you complete the operation that is
using the drive, or before you respond to a message related to the
operation that is using the drive. If you do remove a drive before
the operation is complete, hardware messages might be generated on
the TKE workstation.
Figure 3. Load Master
Key from Clear Parts — key part successfully loaded
Note: Key parts saved to disk are not enciphered.
- Repeat the preceding steps to load the remaining key parts into
the new master key register.
- From the Master Key pull-down menu, select Set...
This will do the following:
- Transfer the key in the current master key register to the old
master key register and delete the former old master key.
- Transfer the key in the new master key register to the current
master key register.
After setting a new master key, reencipher the keys currently in
key storage. (Refer to Reenciphering key storage.)
We recommend a dual control security policy. With a dual control
security policy, the first and last key parts are loaded by different
people.