The following tables show the ACPs that are assigned to each of the IBM-supplied roles.
SCTKEADM
| ACP - Current description | Numeric value | Enabled in release TKE 5.0 to TKE 5.2 | Enabled in release TKE 5.3, TKE 6.0 | Enabled in release TKE 7.0 | Enabled in release TKE 7.1 | Enabled in release TKE 7.2, TKE 7.3 | Enabled in release TKE 8.0 |
|---|---|---|---|---|---|---|---|
| ***Required*** 0047 Change Own Passphrase | X'0047' | x | |||||
| ***Required*** 008E Generate Key | X'008E' | x | x | x | x | x | x |
| ***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | x | x | ||
| ***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | x | x | x | |
| ***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x | x | x | x |
| ***Required*** 011F RSA Decipher Clear Key | X'011F | x | |||||
| ***Required*** 012A Encipher Data Using AES | X'012A' | x | |||||
| ***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | x | x | ||
| ***Required*** 0203 Delete Retained Key | X'0203' | x | x | x | x | x | |
| ***Required*** 027D Permit Regeneration Data | X'027D' | x | |||||
| ***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | x | x | ||
| Load First Master Key Part | X'0018' | x | x | x | x | x | x |
| Combine Master Key Parts | X'0019' | x | x | x | x | x | x |
| Set Master Key | X'001A' | x | x | x | x | x | x |
| Compute Verification Pattern | X'001D' | x | x | x | x | x | x |
| Clear New Master Key Register | X'0032' | x | x | x | x | x | x |
| Reencipher to Current Master Key | X'0090' | x | x | x | x | x | x |
| Reencipher to Current Master Key2 | X'00F1' | x | x | ||||
| PKA96 Key Token Change | X'0102' | x | x | x | x | x | x |
| One-Way Hash, SHA-1 | X'0107' | x | x | x | x | x | x |
| Reset Intrusion Latch | X'010F' | x | x | x | x | x | x |
| Set Clock | X'0110' | x | x | x | x | x | x |
| Reinitialize Device | X'0111' | x | x | x | x | x | x |
| Initialize Access-Control System | X'0112' | x | x | x | x | x | x |
| Change User Profile Expiration Date | X'0113' | x | x | x | x | x | x |
| Change User Profile Authentication Data | X'0114' | x | x | x | x | x | x |
| Reset User Profile Logon-Attempt-Failure Count | X'0115' | x | x | x | x | x | x |
| Delete User Profile | X'0117' | x | x | x | x | x | x |
| Delete Role | X'0118' | x | x | x | x | x | x |
| Load Function-Control Vector | X'0119' | x | x | x | x | x | x |
| Clear Function-Control Vector | X'011A' | x | x | x | x | x | x |
| Clear AES New Master Key Register | X'0124' | x | x | ||||
| Load First AES Master Key Part | X'0125' | x | x | ||||
| Load Middle/Last AES Master Key Parts | X'0126' | x | x | ||||
| Set AES Master Key | X'0128' | x | x | ||||
| Unrestrict Combine Key Parts | X'027A' | x | x | x | x | x | x |
| RNX access control point | X'02A2' | x | x | x | x | x | x |
| Session Key Master | X'02A3' | x | x | x | x | x | x |
| Session Key Slave | X'02A4' | x | x | x | x | x | x |
| Import Card Device Certificate | X'02A5' | x | x | x | x | x | |
| Import CA Public Certificate | X'02A6' | x | x | x | x | x | |
| Master Key Extended | X'02A7' | x | x | x | x | x | x |
| Delete Device Retained Key | X'02A8' | x | x | x | x | x | |
| Export Card Device Certificate | X'02A9' | x | x | x | x | x | |
| Export CA Public Certificate | X'02AA' | x | x | x | x | x | |
| Reset Battery Low Indicator | X'030B' | x | x | x | x | x | x |
| Open Begin Zone Remote Enroll Process | X'1000' | x | x | x | |||
| Open Complete Zone Remote Enroll Process | X'1001' | x | x | x | |||
| Open Cryptographic Node Management Utility | X'1002' | x | x | x | |||
| Open Smart Card Utility Program | X'1005' | x | x | x | |||
| Open Edit TKE Files | X'100D' | x | x | x | |||
| Open TKE File Management Utility | X'100E' | x | x | x | |||
| TKE USER | X'8002' | x | x |
SCTKEUSR
| ACP - Current description | Numeric value | Enabled in release TKE 5.0 to TKE 6.0 | Enabled in release TKE 7.0 | Enabled in release TKE 7.1 | Enabled in release TKE 7.2 | Enabled in release TKE 7.3 | Enabled in release TKE 8.0 |
|---|---|---|---|---|---|---|---|
| ***Required*** 0047 Change Own Passphrase | X'0047' | x | |||||
| ***Required*** 008E Generate Key | X'008E' | x | x | x | x | x | x |
| ***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | x | x | x | x |
| ***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | x | x | x | x |
| ***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x | x | x | x |
| ***Required*** 011F RSA Decipher Clear Key | X'011F' | x | |||||
| ***Required*** 012A Encipher Data Using AES | X'012A' | x | |||||
| ***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | x | x | x | |
| ***Required*** 0203 Delete Retained Key | X'0203' | x | x | x | x | ||
| ***Required*** 027D Permit Regeneration Data | X'027D' | x | |||||
| ***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | x | x | ||
| Encipher | X'000E' | x | x | x | x | x | x |
| Decipher | X'000F' | x | x | x | x | x | x |
| Reencipher to Master Key | X'0012' | x | x | x | x | x | x |
| Reencipher from Master Key | X'0013' | x | x | x | x | x | x |
| Load First Key Part | X'001B' | x | x | x | x | x | x |
| Combine Key Parts | X'001C' | x | x | x | x | x | x |
| Compute Verification Pattern | X'001D' | x | x | x | x | x | x |
| Generate Key Set | X'008C' | x | x | x | x | x | x |
| PKA96 Digital Signature Verify | X'0101' | x | x | x | x | x | x |
| PKA96 Key Import | X'0104' | x | x | x | x | x | x |
| PKA Clone Key Generate | X'0204' | x | x | x | x | x | x |
| PKA Clear Key Generate | X'0205' | x | x | x | x | x | x |
| Load Diffie-Hellman Key mod/gen | X'0250' | x | x | x | x | x | x |
| Combine Diffie-Hellman Key part | X'0251' | x | x | x | x | x | x |
| Clear Diffie-Hellman Key values | X'0252' | x | x | x | x | x | x |
| Unrestrict Combine Key Parts | X'027A' | x | x | x | x | x | x |
| Import First AES Key Part (min of 2) | X'0298' | x | x | x | |||
| Import Last Required AES Key Part | X'029B' | x | x | x | |||
| Import Optional AES Key Part | X'029C' | x | x | x | |||
| Complete AES Key Import | X'029D' | x | x | x | |||
| Process cleartext ICSF key parts | X'02A0' | x | x | x | x | x | x |
| Process enciphered ICSF key parts | X'02A1' | x | x | x | x | x | x |
| RNX access control point | X'02A2' | x | x | x | x | x | x |
| Session Key Master | X'02A3' | x | x | x | x | x | x |
| Session Key Slave | X'02A4' | x | x | x | x | x | x |
| Export Card Device Certificate | X'02A9' | x | x | x | x | x | x |
| OA Proxy Key Generate | X'0344' | x | x | x | x | x | |
| OA Proxy Signature Return | X'0345' | x | x | x | x | x | |
| Open Migrate IBM® Host Crypto Module Public Configuration Data | X'1003' | x | x | x | x | ||
| Open Configuration Migration Tasks | X'1004' | x | x | x | x | ||
| Open Trusted Key Entry | X'1006' | x | x | x | x | ||
| Create Domain Group | X'1007' | x | x | x | x | ||
| Change Domain Group | X'1008' | x | x | x | x | ||
| Delete Domain Group | X'1009' | x | x | x | x | ||
| Create Crypto Module Group | X'100A' | x | x | x | x | ||
| Change Crypto Module Group | X'100B' | x | x | x | x | ||
| Delete Crypto Module Group | X'100C' | x | x | x | x | ||
| Open Edit TKE Files | X'100D' | x | x | x | x | ||
| Open TKE File Management Utility | X'100E' | x | x | x | x | ||
| Manage Host List | X'100F' | x | x | ||||
| TKE USER | X'8002' | x | x |
DEFAULT role when initialized for use with smart card profiles
| ACP | Numeric value | Enabled in release TKE 5.0 to TKE 6.0 | Enabled in release TKE 7.0 to TKE 7.1 | Enabled in release TKE 7.2, TKE 7.3 | Enabled in release TKE 8.0 |
|---|---|---|---|---|---|
| ***Required*** 0047 Change Own Passphrase | X'0047' | x | |||
| ***Required*** 008E Generate Key | X'008E' | x | x | x | x |
| ***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | x | x |
| ***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | x | x |
| ***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x | x |
| ***Required*** 011F RSA Decipher Clear Key | X'011F' | x | x | x | x |
| ***Required*** 012A Encipher Data Using AES | X'012A' | x | |||
| ***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | x | |
| ***Required*** 0203 Delete Retained Key | X'0203' | x | x | x | x |
| ***Required*** 027D Permit Regeneration Data | X'027D' | x | |||
| ***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | x | |
| Encipher | X'000E' | x | x | x | x |
| Decipher | X'000F' | x | x | x | x |
| Generate MAC | X'0010' | x | x | x | x |
| Verify MAC | X'0011' | x | x | x | x |
| Reencipher to Master Key | X'0012' | x | x | x | x |
| Reencipher from Master Key | X'0013' | x | x | x | x |
| Load First Master Key Part | X'0018' | x | x | x | x |
| Combine Master Key Parts | X'0019' | x | x | x | x |
| Set Master Key | X'001A' | x | x | x | x |
| Load First Key Part | X'001B' | x | x | x | x |
| Combine Key Parts | X'001C' | x | x | x | x |
| Compute Verification Pattern | X'001D' | x | x | x | x |
| Translate Key | X'001F' | x | x | x | x |
| Generate Random Master Key | X'0020' | x | x | x | x |
| Clear New Master Key Register | X'0032' | x | x | x | x |
| Clear Old Master Key Register | X'0033' | x | x | x | x |
| Generate Diversified Key (CLR8-ENC) | X'0040' | x | x | x | x |
| Generate Diversified Key (TDES-ENC) | X'0041' | x | x | x | x |
| Generate Diversified Key (TDES-DEC) | X'0042' | x | x | x | x |
| Generate Diversified Key (SESS-XOR) | X'0043' | x | x | x | x |
| Enable DKG Single Length Keys and Equal Halves for TDES-ENC, TDES-DEC | X'0044' | x | x | x | x |
| Load First Asymmetric Master Key Part | X'0053' | x | x | x | x |
| Combine PKA Master Key Parts | X'0054' | x | x | x | x |
| Set Asymmetric Master Key | X'0057' | x | x | x | x |
| Clear New Asymmetric Master Key Buffer | X'0060' | x | x | x | x |
| Clear Old Asymmetric Master Key Buffer | X'0061' | x | x | x | x |
| Generate MDC | X'008A' | x | x | x | x |
| Generate Key Set | X'008C' | x | x | x | x |
| Reencipher to Current Master Key | X'0090' | x | x | x | x |
| Generate Clear 3624 PIN | X'00A0' | x | x | x | x |
| Generate Clear 3624 PIN Offset | X'00A4' | x | x | x | x |
| Verify Encrypted 3624 PIN | X'00AB' | x | x | x | x |
| Verify Encrypted German Bank Pool PIN | X'00AC' | x | x | x | x |
| Verify Encrypted VISA PVV | X'00AD' | x | x | x | x |
| Verify Encrypted InterBank PIN | X'00AE' | x | x | x | x |
| Format and Encrypt PIN | X'00AF' | x | x | x | x |
| Generate Formatted and Encrypted 3624 PIN | X'00B0' | x | x | x | x |
| Generate Formatted and Encrypted German Bank Pool PIN | X'00B1' | x | x | x | x |
| Generate Formatted and Encrypted InterBank PIN | X'00B2' | x | x | x | x |
| Translate PIN with No Format-Control to No Format-Control | X'00B3' | x | x | x | x |
| Reformat PIN with No Format-Control to No Format-Control | X'00B7' | x | x | x | x |
| Generate Clear VISA PVV Alternate | X'00BB' | x | x | x | x |
| Encipher Under Master Key | X'00C3' | x | x | x | x |
| Lower Export Authority | X'00CD' | x | x | x | x |
| Translate Control Vector | X'00D6' | x | x | x | x |
| Generate Key Set Extended | X'00D7' | x | x | x | x |
| Encipher/Decipher Cryptovariable | X'00DA' | x | x | x | x |
| Replicate Key | X'00DB' | x | x | x | x |
| Generate CVV | X'00DF' | x | x | x | x |
| Verify CVV | X'00E0' | x | x | x | x |
| Unique Key Per Transaction, ANSI X9.24 | X'00E1' | x | x | x | x |
| Reencipher to Current Master Key2 | X'00F1' | x | x | ||
| PKA96 Digital Signature Verify | X'0101' | x | x | x | x |
| PKA96 Key Token Change | X'0102' | x | x | x | x |
| PKA96 Key Import | X'0104' | x | x | x | x |
| Symmetric Key Export PKCS-1.2/OAEP | X'0105' | x | x | x | x |
| Symmetric Key Import PKCS-1.2/OAEP | X'0106' | x | x | x | x |
| One-Way Hash, SHA-1 | X'0107' | x | x | x | x |
| Data Key Import | X'0109' | x | x | x | x |
| Data Key Export | X'010A' | x | x | x | x |
| Compose SET Block | X'010B' | x | x | x | x |
| Decompose SET Block | X'010C' | x | x | x | x |
| PKA92 Symmetric Key Generate | X'010D' | x | x | x | x |
| NL-EPP-5 Symmetric Key Generate | X'010E' | x | x | x | x |
| Reset Intrusion Latch | X'010F' | x | x | x | x |
| Set Clock | X'0110' | x | x | x | x |
| Reinitialize Device | X'0111' | x | x | x | x |
| Initialize Access-Control System | X'0112' | x | x | x | x |
| Change User Profile Expiration Date | X'0113' | x | x | x | x |
| Change User Profile Authentication Data | X'0114' | x | x | x | x |
| Reset User Profile Logon-Attempt-Failure Count | X'0115' | x | x | x | x |
| Delete User Profile | X'0117' | x | x | x | x |
| Delete Role | X'0118' | x | x | x | x |
| Load Function-Control Vector | X'0119' | x | x | x | x |
| Clear Function-Control Vector | X'011A' | x | x | x | x |
| Force User Logoff | X'011B' | x | x | x | x |
| Set EID | X'011C' | x | x | x | x |
| Initialize Master Key Cloning | X'011D' | x | x | x | x |
| RSA Encipher Clear Key | X'011E' | x | x | x | x |
| Generate Random Asymmetric Master Key | X'0120' | x | x | x | x |
| SET PIN Encrypt with IPINENC | X'0121' | x | x | x | x |
| SET PIN Encrypt with OPINENC | X'0122' | x | x | x | x |
| Clear AES New Master Key Register | X'0124' | x | x | ||
| Load First AES Master Key Part | X'0125' | x | x | ||
| Load Middle/Last AES Master Key Parts | X'0126' | x | x | ||
| Set AES Master Key | X'0128' | x | x | ||
| PKA Register Public Key Hash | X'0200' | x | x | x | x |
| PKA Public Key Register with Cloning | X'0201' | x | x | x | x |
| PKA Public Key Register | X'0202' | x | x | x | x |
| PKA Clone Key Generate | X'0204' | x | x | x | x |
| PKA Clear Key Generate | X'0205' | x | x | x | x |
| Clone-info (share) Obtain 1 | X'0211' | x | x | x | x |
| Clone-info (share) Obtain 2 | X'0212' | x | x | x | x |
| Clone-info (share) Obtain 3 | X'0213' | x | x | x | x |
| Clone-info (share) Obtain 4 | X'0214' | x | x | x | x |
| Clone-info (share) Obtain 5 | X'0215' | x | x | x | x |
| Clone-info (share) Obtain 6 | X'0216' | x | x | x | x |
| Clone-info (share) Obtain 7 | X'0217' | x | x | x | x |
| Clone-info (share) Obtain 8 | X'0218' | x | x | x | x |
| Clone-info (share) Obtain 9 | X'0219' | x | x | x | x |
| Clone-info (share) Obtain 10 | X'021A' | x | x | x | x |
| Clone-info (share) Obtain 11 | X'021B' | x | x | x | x |
| Clone-info (share) Obtain 12 | X'021C' | x | x | x | x |
| Clone-info (share) Obtain 13 | X'021D' | x | x | x | x |
| Clone-info (share) Obtain 14 | X'021E' | x | x | x | x |
| Clone-info (share) Obtain 15 | X'021F' | x | x | x | x |
| Clone-info (share) Install 1 | X'0221' | x | x | x | x |
| Clone-info (share) Install 2 | X'0222' | x | x | x | x |
| Clone-info (share) Install 3 | X'0223' | x | x | x | x |
| Clone-info (share) Install 4 | X'0224' | x | x | x | x |
| Clone-info (share) Install 5 | X'0225' | x | x | x | x |
| Clone-info (share) Install 6 | X'0226' | x | x | x | x |
| Clone-info (share) Install 7 | X'0227' | x | x | x | x |
| Clone-info (share) Install 8 | X'0228' | x | x | x | x |
| Clone-info (share) Install 9 | X'0229' | x | x | x | x |
| Clone-info (share) Install 10 | X'022A' | x | x | x | x |
| Clone-info (share) Install 11 | X'022B' | x | x | x | x |
| Clone-info (share) Install 12 | X'022C' | x | x | x | x |
| Clone-info (share) Install 13 | X'022D' | x | x | x | x |
| Clone-info (share) Install 14 | X'022E' | x | x | x | x |
| Clone-info (share) Install 15 | X'022F' | x | x | x | x |
| List Retained Key | X'0230' | x | x | x | x |
| Generate Clear NL-PIN-1 Offset | X'0231' | x | x | x | x |
| Verify Encrypted NL-PIN-1 | X'0232' | x | x | x | x |
| PKA92 Symmetric Key Import | X'0235' | x | x | x | x |
| PKA92 Symmetric Key Import with PIN keys | X'0236' | x | x | x | x |
| ZERO-PAD Symmetric Key Generate | X'023C' | x | x | x | x |
| ZERO-PAD Symmetric Key Import | X'023D' | x | x | x | x |
| ZERO-PAD Symmetric Key Export | X'023E' | x | x | x | x |
| Symmetric Key Generate PKCS-1.2/OAEP | X'023F' | x | x | x | x |
| Load Diffie-Hellman Key mod/gen | X'0250' | x | x | x | x |
| Combine Diffie-Hellman Key part | X'0251' | x | x | x | x |
| Clear Diffie-Hellman Key values | X'0252' | x | x | x | x |
| Unrestrict Reencipher from Master Key | X'0276' | x | x | x | x |
| Unrestrict Data Key Export | X'0277' | x | x | x | x |
| Add Key Part | X'0278' | x | x | x | x |
| Complete Key Part | X'0279' | x | x | x | x |
| Unrestrict Combine Key Parts | X'027A' | x | x | x | x |
| Unrestrict Reencipher to Master Key | X'027B' | x | x | x | x |
| Unrestrict Data Key Import | X'027C' | x | x | x | x |
| Generate Diversified Key (DALL with DKYGENKY Key Type) | X'0290' | x | x | x | x |
| Generate CSC-5, 4 and 3 Values | X'0291' | x | x | x | x |
| Verify CSC-3 Values | X'0292' | x | x | x | x |
| Verify CSC-4 Values | X'0293' | x | x | x | x |
| Verify CSC-5 Values | X'0294' | x | x | x | x |
| Process cleartext ICSF key parts | X'02A0' | x | x | x | x |
| Process enciphered ICSF key parts | X'02A1' | x | x | x | x |
| RNX access control point | X'02A2' | x | x | x | x |
| Session Key Master | X'02A3' | x | x | x | x |
| Session Key Slave | X'02A4' | x | x | x | x |
| Import Card Device Certificate | X'02A5' | x | x | x | x |
| Import CA Public Certificate | X'02A6' | x | x | x | x |
| Master Key Extended | X'02A7' | x | x | x | x |
| Delete Device Retained Key | X'02A8' | x | x | x | x |
| Export Card Device Certificate | X'02A9' | x | x | x | x |
| Export CA Public Certificate | X'02AA' | x | x | x | x |
| Reset Battery Low Indicator | X'030B' | x | x | x | x |
TKEADM
| TKEADM - Current description | Numeric value | Enabled in release TKE 5.0 to TKE 5.2 | Enabled in release TKE 5.3, TKE 6.0 | Enabled in release TKE 7.0 | Enabled in release TKE 7.1, TKE 7.2, TKE 7.3 | Enabled in release TKE 8.0 |
|---|---|---|---|---|---|---|
| ***Required*** 0047 Change Own Passphrase | X'0047' | x | ||||
| ***Required*** 008E Generate Key | X'008E' | x | ||||
| ***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | x | ||
| ***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | x | x | |
| ***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x | x | x |
| ***Required*** 011F RSA Decipher Clear Key | X'011F' | x | ||||
| ***Required*** 012A Encipher Data Using AES | X'012A' | x | ||||
| ***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | x | ||
| ***Required*** 0203 Delete Retained Key | X'0203' | x | x | x | x | |
| ***Required*** 027D Permit Regeneration Data | X'027D' | x | ||||
| ***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | x | ||
| Compute Verification Pattern | X'001D' | x | x | x | x | x |
| One-Way Hash, SHA-1 | X'0107' | x | x | x | x | x |
| Reset Intrusion Latch | X'010F' | x | x | x | x | x |
| Set Clock | X'0110' | x | x | x | x | x |
| Reinitialize Device | X'0111' | x | x | x | x | x |
| Initialize Access-Control System | X'0112' | x | x | x | x | x |
| Change User Profile Expiration Date | X'0113' | x | x | x | x | x |
| Change User Profile Authentication Data | X'0114' | x | x | x | x | x |
| Reset User Profile Logon-Attempt-Failure Count | X'0115' | x | x | x | x | x |
| Delete User Profile | X'0117' | x | x | x | x | x |
| Delete Role | X'0118' | x | x | x | x | x |
| Load Function-Control Vector | X'0119' | x | x | x | x | x |
| Clear Function-Control Vector | X'011A' | x | x | x | x | x |
| Import Card Device Certificate | X'02A5' | x | x | x | x | |
| Import CA Public Certificate | X'02A6' | x | x | x | x | |
| Delete Device Retained Key | X'02A8' | x | x | x | x | |
| Export Card Device Certificate | X'02A9' | x | x | x | x | |
| Export CA Public Certificate | X'02AA' | x | x | x | x | |
| Reset Battery Low Indicator | X'030B' | x | x | x | x | x |
| Open Begin Zone Remote Enroll Process | X'1000' | x | x | |||
| Open Complete Zone Remote Enroll Process | X'1001' | x | x | |||
| Open Cryptographic Node Management Utility | X'1002' | x | x | |||
| Open Smart Card Utility Program | X'1005' | x | x | |||
| Open Edit TKE Files | X'100D' | x | x | |||
| Open TKE File Management Utility | X'100E' | x | x | |||
| TKE USER | X'8002' | x | x |
TKEUSER
| TKEUSER - Current description | Numeric value | Enabled in release TKE 5.0 to TKE 6.0 | Enabled in release TKE 7.0 | Enabled in release TKE 7.1 | Enabled in release TKE 7.2 | Enabled in release TKE 7.3 | Enabled in release TKE 8.0 |
|---|---|---|---|---|---|---|---|
| ***Required*** 0047 Change Own Passphrase | X'0047' | x | |||||
| ***Required*** 008E Generate Key | X'008E' | x | x | x | x | x | x |
| ***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | x | x | x | x |
| ***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | x | x | x | x |
| ***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x | x | x | x |
| ***Required*** 011F RSA Decipher Clear Key | X'011F' | x | |||||
| ***Required*** 012A Encipher Data Using AES | X'012A' | x | |||||
| ***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | x | x | x | |
| ***Required*** 0203 Delete Retained Key | X'0203' | x | x | x | x | ||
| ***Required*** 027D Permit Regeneration Data | X'027D' | x | |||||
| ***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | x | x | ||
| Encipher | X'000E' | x | x | x | x | x | x |
| Decipher | X'000F' | x | x | x | x | x | x |
| Reencipher to Master Key | X'0012' | x | x | x | x | x | x |
| Reencipher from Master Key | X'0013' | x | x | x | x | x | x |
| Load First Key Part | X'001B' | x | x | x | x | x | x |
| Combine Key Parts | X'001C' | x | x | x | x | x | x |
| Compute Verification Pattern | X'001D' | x | x | x | x | x | x |
| Generate Key Set | X'008C' | x | x | x | x | x | x |
| PKA96 Digital Signature Verify | X'0101' | x | x | x | x | x | x |
| PKA96 Key Import | X'0104' | x | x | x | x | x | x |
| PKA Clone Key Generate | X'0204' | x | x | x | x | x | x |
| PKA Clear Key Generate | X'0205' | x | x | x | x | x | x |
| Load Diffie-Hellman Key mod/gen | X'0250' | x | x | x | x | x | x |
| Combine Diffie-Hellman Key part | X'0251' | x | x | x | x | x | x |
| Clear Diffie-Hellman Key values | X'0252' | x | x | x | x | x | x |
| Unrestrict Combine Key Parts | X'027A' | x | x | x | x | x | x |
| Import First AES Key Part (min of 2) | X'0298' | x | x | x | |||
| Import Last Required AES Key Part | X'029B' | x | x | x | |||
| Import Optional AES Key Part | X'029C' | x | x | x | |||
| Complete AES Key Import | X'029D' | x | x | x | |||
| Process cleartext ICSF key parts | X'02A0' | x | x | x | x | x | x |
| Process enciphered ICSF key parts | X'02A1' | x | x | x | x | x | x |
| RNX access control point | X'02A2' | x | x | x | x | x | x |
| Session Key Master | X'02A3' | x | x | x | x | x | x |
| Session Key Slave | X'02A4' | x | x | x | x | x | x |
| Export Card Device Certificate | X'02A9' | x | x | x | x | x | x |
| OA Proxy Key Generate | X'0344' | x | x | x | x | x | |
| OA Proxy Signature Return | X'0345' | x | x | x | x | x | |
| Open Migrate IBM Host Crypto Module Public Configuration Data | X'1003' | x | x | x | x | ||
| Open Configuration Migration Tasks | X'1004' | x | x | x | x | ||
| Open Smart Card Utility Program | X'1005' | x | x | x | x | ||
| Open Trusted Key Entry | X'1006' | x | x | x | x | ||
| Create Domain Group | X'1007' | x | x | x | x | ||
| Change Domain Group | X'1008' | x | x | x | x | ||
| Delete Domain Group | X'1009' | x | x | x | x | ||
| Create Crypto Module Group | X'100A' | x | x | x | x | ||
| Change Crypto Module Group | X'100B' | x | x | x | x | ||
| Delete Crypto Module Group | X'100C' | x | x | x | x | ||
| Open Edit TKE Files | X'100D' | x | x | x | x | ||
| Open TKE File Management Utility | X'100E' | x | x | x | x | ||
| Manage Host List | X'100F' | x | x | ||||
| TKE USER | X'8002' | x | x |
KEYMAN1
| ACP - Current description | Numeric value | Enabled in release TKE 5.0 to TKE 6.0 | Enabled in release TKE 7.0 | Enabled in release TKE 7.1 | Enabled in release TKE 7.2, TKE 7.3 | Enabled in release TKE 8.0 |
|---|---|---|---|---|---|---|
| ***Required*** 0047 Change Own Passphrase | X'0047' | x | ||||
| ***Required*** 008E Generate Key | X'008E' | x | x | x | x | |
| ***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | x | x | |
| ***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | x | x | |
| ***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x | x | x |
| ***Required*** 011F RSA Decipher Clear Key | X'011F' | x | ||||
| ***Required*** 012A Encipher Data Using AES | X'012A' | x | ||||
| ***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | x | x | |
| ***Required*** 0203 Delete Retained Key | X'0203' | x | x | x | x | |
| ***Required*** 027D Permit Regeneration Data | X'027D' | x | ||||
| ***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | x | x | |
| Load First Master Key Part | X'0018' | x | x | x | x | x |
| Compute Verification Pattern | X'001D' | x | x | x | x | x |
| Clear New Master Key Register | X'0032' | x | x | x | x | x |
| Clear AES New Master Key Register | X'0124' | x | x | |||
| Load First AES Master Key Part | X'0125' | x | x | |||
| Open Cryptographic Node Management Utility | X'1002' | x | x | x |
KEYMAN2
| ACP - Current description | Numeric value | Enabled in release TKE 5.0 to TKE 6.0 | Enabled in release TKE 7.0 | Enabled in release TKE 7.1 | Enabled in release TKE 7.2, TKE 7.3 | Enabled in release TKE 8.0 |
|---|---|---|---|---|---|---|
| ***Required*** 0047 Change Own Passphrase | X'0047' | x | ||||
| ***Required*** 008E Generate Key | X'008E' | x | x | x | x | x |
| ***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | x | x | |
| ***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | x | x | |
| ***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x | x | x |
| ***Required*** 011F RSA Decipher Clear Key | X'011F' | x | ||||
| ***Required*** 012A Encipher Data Using AES | X'012A' | x | ||||
| ***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | x | x | |
| ***Required*** 0203 Delete Retained Key | X'0203' | x | x | x | x | |
| ***Required*** 027D Permit Regeneration Data | X'027D' | x | ||||
| ***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | x | x | |
| Combine Master Key Parts | X'0019' | x | x | x | x | x |
| Set Master Key | X'001A' | x | x | x | x | x |
| Compute Verification Pattern | X'001D' | x | x | x | x | x |
| Reencipher to Current Master Key | X'0090' | x | x | x | x | x |
| Reencipher to Current Master Key2 | X'00F1' | x | x | |||
| PKA96 Key Token Change | X'0102' | x | x | x | x | x |
| Load Middle/Last AES Master Key Parts | X'0126' | x | x | |||
| Set AES Master Key | X'0128' | x | x | |||
| Open Cryptographic Node Management Utility | X'1002' | x | x | x |
DEFAULT role when initialized for use with passphrase profiles
| ACP - Current description | Numeric value | Enabled in release TKE 5.0 to TKE 6.0 | Enabled in release TKE 7.0, TKE 7.1, TKE 7.2, TKE 7.3 | Enabled in release TKE 8.0 |
|---|---|---|---|---|
| ***Required*** 0047 Change Own Passphrase | X'0047' | x | ||
| ***Required*** 008E Generate Key | X'008E' | x | ||
| ***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | |
| ***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | |
| ***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x |
| ***Required*** 011F RSA Decipher Clear Key | X'011F' | x | ||
| ***Required*** 012A Encipher Data Using AES | X'012A' | x | ||
| ***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | |
| ***Required*** 0203 Delete Retained Key | X'0203' | x | x | |
| ***Required*** 027D Permit Regeneration Data | X'027D' | x | ||
| ***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | |
| Compute Verification Pattern | X'001D' | x | x | x |
| Reinitialize Device | X'0111' | x | x | x |
| Export Card Device Certificate | X'02A9' | x | x | x |