The following tables show the ACPs that are assigned to each of the IBM-supplied roles.
SCTKEADM
ACP - Current description | Numeric value | Enabled in release TKE 5.0 to TKE 5.2 | Enabled in release TKE 5.3, TKE 6.0 | Enabled in release TKE 7.0 | Enabled in release TKE 7.1 | Enabled in release TKE 7.2, TKE 7.3 | Enabled in release TKE 8.0 |
---|---|---|---|---|---|---|---|
***Required*** 0047 Change Own Passphrase | X'0047' | x | |||||
***Required*** 008E Generate Key | X'008E' | x | x | x | x | x | x |
***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | x | x | ||
***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | x | x | x | |
***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x | x | x | x |
***Required*** 011F RSA Decipher Clear Key | X'011F | x | |||||
***Required*** 012A Encipher Data Using AES | X'012A' | x | |||||
***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | x | x | ||
***Required*** 0203 Delete Retained Key | X'0203' | x | x | x | x | x | |
***Required*** 027D Permit Regeneration Data | X'027D' | x | |||||
***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | x | x | ||
Load First Master Key Part | X'0018' | x | x | x | x | x | x |
Combine Master Key Parts | X'0019' | x | x | x | x | x | x |
Set Master Key | X'001A' | x | x | x | x | x | x |
Compute Verification Pattern | X'001D' | x | x | x | x | x | x |
Clear New Master Key Register | X'0032' | x | x | x | x | x | x |
Reencipher to Current Master Key | X'0090' | x | x | x | x | x | x |
Reencipher to Current Master Key2 | X'00F1' | x | x | ||||
PKA96 Key Token Change | X'0102' | x | x | x | x | x | x |
One-Way Hash, SHA-1 | X'0107' | x | x | x | x | x | x |
Reset Intrusion Latch | X'010F' | x | x | x | x | x | x |
Set Clock | X'0110' | x | x | x | x | x | x |
Reinitialize Device | X'0111' | x | x | x | x | x | x |
Initialize Access-Control System | X'0112' | x | x | x | x | x | x |
Change User Profile Expiration Date | X'0113' | x | x | x | x | x | x |
Change User Profile Authentication Data | X'0114' | x | x | x | x | x | x |
Reset User Profile Logon-Attempt-Failure Count | X'0115' | x | x | x | x | x | x |
Delete User Profile | X'0117' | x | x | x | x | x | x |
Delete Role | X'0118' | x | x | x | x | x | x |
Load Function-Control Vector | X'0119' | x | x | x | x | x | x |
Clear Function-Control Vector | X'011A' | x | x | x | x | x | x |
Clear AES New Master Key Register | X'0124' | x | x | ||||
Load First AES Master Key Part | X'0125' | x | x | ||||
Load Middle/Last AES Master Key Parts | X'0126' | x | x | ||||
Set AES Master Key | X'0128' | x | x | ||||
Unrestrict Combine Key Parts | X'027A' | x | x | x | x | x | x |
RNX access control point | X'02A2' | x | x | x | x | x | x |
Session Key Master | X'02A3' | x | x | x | x | x | x |
Session Key Slave | X'02A4' | x | x | x | x | x | x |
Import Card Device Certificate | X'02A5' | x | x | x | x | x | |
Import CA Public Certificate | X'02A6' | x | x | x | x | x | |
Master Key Extended | X'02A7' | x | x | x | x | x | x |
Delete Device Retained Key | X'02A8' | x | x | x | x | x | |
Export Card Device Certificate | X'02A9' | x | x | x | x | x | |
Export CA Public Certificate | X'02AA' | x | x | x | x | x | |
Reset Battery Low Indicator | X'030B' | x | x | x | x | x | x |
Open Begin Zone Remote Enroll Process | X'1000' | x | x | x | |||
Open Complete Zone Remote Enroll Process | X'1001' | x | x | x | |||
Open Cryptographic Node Management Utility | X'1002' | x | x | x | |||
Open Smart Card Utility Program | X'1005' | x | x | x | |||
Open Edit TKE Files | X'100D' | x | x | x | |||
Open TKE File Management Utility | X'100E' | x | x | x | |||
TKE USER | X'8002' | x | x |
SCTKEUSR
ACP - Current description | Numeric value | Enabled in release TKE 5.0 to TKE 6.0 | Enabled in release TKE 7.0 | Enabled in release TKE 7.1 | Enabled in release TKE 7.2 | Enabled in release TKE 7.3 | Enabled in release TKE 8.0 |
---|---|---|---|---|---|---|---|
***Required*** 0047 Change Own Passphrase | X'0047' | x | |||||
***Required*** 008E Generate Key | X'008E' | x | x | x | x | x | x |
***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | x | x | x | x |
***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | x | x | x | x |
***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x | x | x | x |
***Required*** 011F RSA Decipher Clear Key | X'011F' | x | |||||
***Required*** 012A Encipher Data Using AES | X'012A' | x | |||||
***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | x | x | x | |
***Required*** 0203 Delete Retained Key | X'0203' | x | x | x | x | ||
***Required*** 027D Permit Regeneration Data | X'027D' | x | |||||
***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | x | x | ||
Encipher | X'000E' | x | x | x | x | x | x |
Decipher | X'000F' | x | x | x | x | x | x |
Reencipher to Master Key | X'0012' | x | x | x | x | x | x |
Reencipher from Master Key | X'0013' | x | x | x | x | x | x |
Load First Key Part | X'001B' | x | x | x | x | x | x |
Combine Key Parts | X'001C' | x | x | x | x | x | x |
Compute Verification Pattern | X'001D' | x | x | x | x | x | x |
Generate Key Set | X'008C' | x | x | x | x | x | x |
PKA96 Digital Signature Verify | X'0101' | x | x | x | x | x | x |
PKA96 Key Import | X'0104' | x | x | x | x | x | x |
PKA Clone Key Generate | X'0204' | x | x | x | x | x | x |
PKA Clear Key Generate | X'0205' | x | x | x | x | x | x |
Load Diffie-Hellman Key mod/gen | X'0250' | x | x | x | x | x | x |
Combine Diffie-Hellman Key part | X'0251' | x | x | x | x | x | x |
Clear Diffie-Hellman Key values | X'0252' | x | x | x | x | x | x |
Unrestrict Combine Key Parts | X'027A' | x | x | x | x | x | x |
Import First AES Key Part (min of 2) | X'0298' | x | x | x | |||
Import Last Required AES Key Part | X'029B' | x | x | x | |||
Import Optional AES Key Part | X'029C' | x | x | x | |||
Complete AES Key Import | X'029D' | x | x | x | |||
Process cleartext ICSF key parts | X'02A0' | x | x | x | x | x | x |
Process enciphered ICSF key parts | X'02A1' | x | x | x | x | x | x |
RNX access control point | X'02A2' | x | x | x | x | x | x |
Session Key Master | X'02A3' | x | x | x | x | x | x |
Session Key Slave | X'02A4' | x | x | x | x | x | x |
Export Card Device Certificate | X'02A9' | x | x | x | x | x | x |
OA Proxy Key Generate | X'0344' | x | x | x | x | x | |
OA Proxy Signature Return | X'0345' | x | x | x | x | x | |
Open Migrate IBM® Host Crypto Module Public Configuration Data | X'1003' | x | x | x | x | ||
Open Configuration Migration Tasks | X'1004' | x | x | x | x | ||
Open Trusted Key Entry | X'1006' | x | x | x | x | ||
Create Domain Group | X'1007' | x | x | x | x | ||
Change Domain Group | X'1008' | x | x | x | x | ||
Delete Domain Group | X'1009' | x | x | x | x | ||
Create Crypto Module Group | X'100A' | x | x | x | x | ||
Change Crypto Module Group | X'100B' | x | x | x | x | ||
Delete Crypto Module Group | X'100C' | x | x | x | x | ||
Open Edit TKE Files | X'100D' | x | x | x | x | ||
Open TKE File Management Utility | X'100E' | x | x | x | x | ||
Manage Host List | X'100F' | x | x | ||||
TKE USER | X'8002' | x | x |
DEFAULT role when initialized for use with smart card profiles
ACP | Numeric value | Enabled in release TKE 5.0 to TKE 6.0 | Enabled in release TKE 7.0 to TKE 7.1 | Enabled in release TKE 7.2, TKE 7.3 | Enabled in release TKE 8.0 |
---|---|---|---|---|---|
***Required*** 0047 Change Own Passphrase | X'0047' | x | |||
***Required*** 008E Generate Key | X'008E' | x | x | x | x |
***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | x | x |
***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | x | x |
***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x | x |
***Required*** 011F RSA Decipher Clear Key | X'011F' | x | x | x | x |
***Required*** 012A Encipher Data Using AES | X'012A' | x | |||
***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | x | |
***Required*** 0203 Delete Retained Key | X'0203' | x | x | x | x |
***Required*** 027D Permit Regeneration Data | X'027D' | x | |||
***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | x | |
Encipher | X'000E' | x | x | x | x |
Decipher | X'000F' | x | x | x | x |
Generate MAC | X'0010' | x | x | x | x |
Verify MAC | X'0011' | x | x | x | x |
Reencipher to Master Key | X'0012' | x | x | x | x |
Reencipher from Master Key | X'0013' | x | x | x | x |
Load First Master Key Part | X'0018' | x | x | x | x |
Combine Master Key Parts | X'0019' | x | x | x | x |
Set Master Key | X'001A' | x | x | x | x |
Load First Key Part | X'001B' | x | x | x | x |
Combine Key Parts | X'001C' | x | x | x | x |
Compute Verification Pattern | X'001D' | x | x | x | x |
Translate Key | X'001F' | x | x | x | x |
Generate Random Master Key | X'0020' | x | x | x | x |
Clear New Master Key Register | X'0032' | x | x | x | x |
Clear Old Master Key Register | X'0033' | x | x | x | x |
Generate Diversified Key (CLR8-ENC) | X'0040' | x | x | x | x |
Generate Diversified Key (TDES-ENC) | X'0041' | x | x | x | x |
Generate Diversified Key (TDES-DEC) | X'0042' | x | x | x | x |
Generate Diversified Key (SESS-XOR) | X'0043' | x | x | x | x |
Enable DKG Single Length Keys and Equal Halves for TDES-ENC, TDES-DEC | X'0044' | x | x | x | x |
Load First Asymmetric Master Key Part | X'0053' | x | x | x | x |
Combine PKA Master Key Parts | X'0054' | x | x | x | x |
Set Asymmetric Master Key | X'0057' | x | x | x | x |
Clear New Asymmetric Master Key Buffer | X'0060' | x | x | x | x |
Clear Old Asymmetric Master Key Buffer | X'0061' | x | x | x | x |
Generate MDC | X'008A' | x | x | x | x |
Generate Key Set | X'008C' | x | x | x | x |
Reencipher to Current Master Key | X'0090' | x | x | x | x |
Generate Clear 3624 PIN | X'00A0' | x | x | x | x |
Generate Clear 3624 PIN Offset | X'00A4' | x | x | x | x |
Verify Encrypted 3624 PIN | X'00AB' | x | x | x | x |
Verify Encrypted German Bank Pool PIN | X'00AC' | x | x | x | x |
Verify Encrypted VISA PVV | X'00AD' | x | x | x | x |
Verify Encrypted InterBank PIN | X'00AE' | x | x | x | x |
Format and Encrypt PIN | X'00AF' | x | x | x | x |
Generate Formatted and Encrypted 3624 PIN | X'00B0' | x | x | x | x |
Generate Formatted and Encrypted German Bank Pool PIN | X'00B1' | x | x | x | x |
Generate Formatted and Encrypted InterBank PIN | X'00B2' | x | x | x | x |
Translate PIN with No Format-Control to No Format-Control | X'00B3' | x | x | x | x |
Reformat PIN with No Format-Control to No Format-Control | X'00B7' | x | x | x | x |
Generate Clear VISA PVV Alternate | X'00BB' | x | x | x | x |
Encipher Under Master Key | X'00C3' | x | x | x | x |
Lower Export Authority | X'00CD' | x | x | x | x |
Translate Control Vector | X'00D6' | x | x | x | x |
Generate Key Set Extended | X'00D7' | x | x | x | x |
Encipher/Decipher Cryptovariable | X'00DA' | x | x | x | x |
Replicate Key | X'00DB' | x | x | x | x |
Generate CVV | X'00DF' | x | x | x | x |
Verify CVV | X'00E0' | x | x | x | x |
Unique Key Per Transaction, ANSI X9.24 | X'00E1' | x | x | x | x |
Reencipher to Current Master Key2 | X'00F1' | x | x | ||
PKA96 Digital Signature Verify | X'0101' | x | x | x | x |
PKA96 Key Token Change | X'0102' | x | x | x | x |
PKA96 Key Import | X'0104' | x | x | x | x |
Symmetric Key Export PKCS-1.2/OAEP | X'0105' | x | x | x | x |
Symmetric Key Import PKCS-1.2/OAEP | X'0106' | x | x | x | x |
One-Way Hash, SHA-1 | X'0107' | x | x | x | x |
Data Key Import | X'0109' | x | x | x | x |
Data Key Export | X'010A' | x | x | x | x |
Compose SET Block | X'010B' | x | x | x | x |
Decompose SET Block | X'010C' | x | x | x | x |
PKA92 Symmetric Key Generate | X'010D' | x | x | x | x |
NL-EPP-5 Symmetric Key Generate | X'010E' | x | x | x | x |
Reset Intrusion Latch | X'010F' | x | x | x | x |
Set Clock | X'0110' | x | x | x | x |
Reinitialize Device | X'0111' | x | x | x | x |
Initialize Access-Control System | X'0112' | x | x | x | x |
Change User Profile Expiration Date | X'0113' | x | x | x | x |
Change User Profile Authentication Data | X'0114' | x | x | x | x |
Reset User Profile Logon-Attempt-Failure Count | X'0115' | x | x | x | x |
Delete User Profile | X'0117' | x | x | x | x |
Delete Role | X'0118' | x | x | x | x |
Load Function-Control Vector | X'0119' | x | x | x | x |
Clear Function-Control Vector | X'011A' | x | x | x | x |
Force User Logoff | X'011B' | x | x | x | x |
Set EID | X'011C' | x | x | x | x |
Initialize Master Key Cloning | X'011D' | x | x | x | x |
RSA Encipher Clear Key | X'011E' | x | x | x | x |
Generate Random Asymmetric Master Key | X'0120' | x | x | x | x |
SET PIN Encrypt with IPINENC | X'0121' | x | x | x | x |
SET PIN Encrypt with OPINENC | X'0122' | x | x | x | x |
Clear AES New Master Key Register | X'0124' | x | x | ||
Load First AES Master Key Part | X'0125' | x | x | ||
Load Middle/Last AES Master Key Parts | X'0126' | x | x | ||
Set AES Master Key | X'0128' | x | x | ||
PKA Register Public Key Hash | X'0200' | x | x | x | x |
PKA Public Key Register with Cloning | X'0201' | x | x | x | x |
PKA Public Key Register | X'0202' | x | x | x | x |
PKA Clone Key Generate | X'0204' | x | x | x | x |
PKA Clear Key Generate | X'0205' | x | x | x | x |
Clone-info (share) Obtain 1 | X'0211' | x | x | x | x |
Clone-info (share) Obtain 2 | X'0212' | x | x | x | x |
Clone-info (share) Obtain 3 | X'0213' | x | x | x | x |
Clone-info (share) Obtain 4 | X'0214' | x | x | x | x |
Clone-info (share) Obtain 5 | X'0215' | x | x | x | x |
Clone-info (share) Obtain 6 | X'0216' | x | x | x | x |
Clone-info (share) Obtain 7 | X'0217' | x | x | x | x |
Clone-info (share) Obtain 8 | X'0218' | x | x | x | x |
Clone-info (share) Obtain 9 | X'0219' | x | x | x | x |
Clone-info (share) Obtain 10 | X'021A' | x | x | x | x |
Clone-info (share) Obtain 11 | X'021B' | x | x | x | x |
Clone-info (share) Obtain 12 | X'021C' | x | x | x | x |
Clone-info (share) Obtain 13 | X'021D' | x | x | x | x |
Clone-info (share) Obtain 14 | X'021E' | x | x | x | x |
Clone-info (share) Obtain 15 | X'021F' | x | x | x | x |
Clone-info (share) Install 1 | X'0221' | x | x | x | x |
Clone-info (share) Install 2 | X'0222' | x | x | x | x |
Clone-info (share) Install 3 | X'0223' | x | x | x | x |
Clone-info (share) Install 4 | X'0224' | x | x | x | x |
Clone-info (share) Install 5 | X'0225' | x | x | x | x |
Clone-info (share) Install 6 | X'0226' | x | x | x | x |
Clone-info (share) Install 7 | X'0227' | x | x | x | x |
Clone-info (share) Install 8 | X'0228' | x | x | x | x |
Clone-info (share) Install 9 | X'0229' | x | x | x | x |
Clone-info (share) Install 10 | X'022A' | x | x | x | x |
Clone-info (share) Install 11 | X'022B' | x | x | x | x |
Clone-info (share) Install 12 | X'022C' | x | x | x | x |
Clone-info (share) Install 13 | X'022D' | x | x | x | x |
Clone-info (share) Install 14 | X'022E' | x | x | x | x |
Clone-info (share) Install 15 | X'022F' | x | x | x | x |
List Retained Key | X'0230' | x | x | x | x |
Generate Clear NL-PIN-1 Offset | X'0231' | x | x | x | x |
Verify Encrypted NL-PIN-1 | X'0232' | x | x | x | x |
PKA92 Symmetric Key Import | X'0235' | x | x | x | x |
PKA92 Symmetric Key Import with PIN keys | X'0236' | x | x | x | x |
ZERO-PAD Symmetric Key Generate | X'023C' | x | x | x | x |
ZERO-PAD Symmetric Key Import | X'023D' | x | x | x | x |
ZERO-PAD Symmetric Key Export | X'023E' | x | x | x | x |
Symmetric Key Generate PKCS-1.2/OAEP | X'023F' | x | x | x | x |
Load Diffie-Hellman Key mod/gen | X'0250' | x | x | x | x |
Combine Diffie-Hellman Key part | X'0251' | x | x | x | x |
Clear Diffie-Hellman Key values | X'0252' | x | x | x | x |
Unrestrict Reencipher from Master Key | X'0276' | x | x | x | x |
Unrestrict Data Key Export | X'0277' | x | x | x | x |
Add Key Part | X'0278' | x | x | x | x |
Complete Key Part | X'0279' | x | x | x | x |
Unrestrict Combine Key Parts | X'027A' | x | x | x | x |
Unrestrict Reencipher to Master Key | X'027B' | x | x | x | x |
Unrestrict Data Key Import | X'027C' | x | x | x | x |
Generate Diversified Key (DALL with DKYGENKY Key Type) | X'0290' | x | x | x | x |
Generate CSC-5, 4 and 3 Values | X'0291' | x | x | x | x |
Verify CSC-3 Values | X'0292' | x | x | x | x |
Verify CSC-4 Values | X'0293' | x | x | x | x |
Verify CSC-5 Values | X'0294' | x | x | x | x |
Process cleartext ICSF key parts | X'02A0' | x | x | x | x |
Process enciphered ICSF key parts | X'02A1' | x | x | x | x |
RNX access control point | X'02A2' | x | x | x | x |
Session Key Master | X'02A3' | x | x | x | x |
Session Key Slave | X'02A4' | x | x | x | x |
Import Card Device Certificate | X'02A5' | x | x | x | x |
Import CA Public Certificate | X'02A6' | x | x | x | x |
Master Key Extended | X'02A7' | x | x | x | x |
Delete Device Retained Key | X'02A8' | x | x | x | x |
Export Card Device Certificate | X'02A9' | x | x | x | x |
Export CA Public Certificate | X'02AA' | x | x | x | x |
Reset Battery Low Indicator | X'030B' | x | x | x | x |
TKEADM
TKEADM - Current description | Numeric value | Enabled in release TKE 5.0 to TKE 5.2 | Enabled in release TKE 5.3, TKE 6.0 | Enabled in release TKE 7.0 | Enabled in release TKE 7.1, TKE 7.2, TKE 7.3 | Enabled in release TKE 8.0 |
---|---|---|---|---|---|---|
***Required*** 0047 Change Own Passphrase | X'0047' | x | ||||
***Required*** 008E Generate Key | X'008E' | x | ||||
***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | x | ||
***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | x | x | |
***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x | x | x |
***Required*** 011F RSA Decipher Clear Key | X'011F' | x | ||||
***Required*** 012A Encipher Data Using AES | X'012A' | x | ||||
***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | x | ||
***Required*** 0203 Delete Retained Key | X'0203' | x | x | x | x | |
***Required*** 027D Permit Regeneration Data | X'027D' | x | ||||
***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | x | ||
Compute Verification Pattern | X'001D' | x | x | x | x | x |
One-Way Hash, SHA-1 | X'0107' | x | x | x | x | x |
Reset Intrusion Latch | X'010F' | x | x | x | x | x |
Set Clock | X'0110' | x | x | x | x | x |
Reinitialize Device | X'0111' | x | x | x | x | x |
Initialize Access-Control System | X'0112' | x | x | x | x | x |
Change User Profile Expiration Date | X'0113' | x | x | x | x | x |
Change User Profile Authentication Data | X'0114' | x | x | x | x | x |
Reset User Profile Logon-Attempt-Failure Count | X'0115' | x | x | x | x | x |
Delete User Profile | X'0117' | x | x | x | x | x |
Delete Role | X'0118' | x | x | x | x | x |
Load Function-Control Vector | X'0119' | x | x | x | x | x |
Clear Function-Control Vector | X'011A' | x | x | x | x | x |
Import Card Device Certificate | X'02A5' | x | x | x | x | |
Import CA Public Certificate | X'02A6' | x | x | x | x | |
Delete Device Retained Key | X'02A8' | x | x | x | x | |
Export Card Device Certificate | X'02A9' | x | x | x | x | |
Export CA Public Certificate | X'02AA' | x | x | x | x | |
Reset Battery Low Indicator | X'030B' | x | x | x | x | x |
Open Begin Zone Remote Enroll Process | X'1000' | x | x | |||
Open Complete Zone Remote Enroll Process | X'1001' | x | x | |||
Open Cryptographic Node Management Utility | X'1002' | x | x | |||
Open Smart Card Utility Program | X'1005' | x | x | |||
Open Edit TKE Files | X'100D' | x | x | |||
Open TKE File Management Utility | X'100E' | x | x | |||
TKE USER | X'8002' | x | x |
TKEUSER
TKEUSER - Current description | Numeric value | Enabled in release TKE 5.0 to TKE 6.0 | Enabled in release TKE 7.0 | Enabled in release TKE 7.1 | Enabled in release TKE 7.2 | Enabled in release TKE 7.3 | Enabled in release TKE 8.0 |
---|---|---|---|---|---|---|---|
***Required*** 0047 Change Own Passphrase | X'0047' | x | |||||
***Required*** 008E Generate Key | X'008E' | x | x | x | x | x | x |
***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | x | x | x | x |
***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | x | x | x | x |
***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x | x | x | x |
***Required*** 011F RSA Decipher Clear Key | X'011F' | x | |||||
***Required*** 012A Encipher Data Using AES | X'012A' | x | |||||
***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | x | x | x | |
***Required*** 0203 Delete Retained Key | X'0203' | x | x | x | x | ||
***Required*** 027D Permit Regeneration Data | X'027D' | x | |||||
***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | x | x | ||
Encipher | X'000E' | x | x | x | x | x | x |
Decipher | X'000F' | x | x | x | x | x | x |
Reencipher to Master Key | X'0012' | x | x | x | x | x | x |
Reencipher from Master Key | X'0013' | x | x | x | x | x | x |
Load First Key Part | X'001B' | x | x | x | x | x | x |
Combine Key Parts | X'001C' | x | x | x | x | x | x |
Compute Verification Pattern | X'001D' | x | x | x | x | x | x |
Generate Key Set | X'008C' | x | x | x | x | x | x |
PKA96 Digital Signature Verify | X'0101' | x | x | x | x | x | x |
PKA96 Key Import | X'0104' | x | x | x | x | x | x |
PKA Clone Key Generate | X'0204' | x | x | x | x | x | x |
PKA Clear Key Generate | X'0205' | x | x | x | x | x | x |
Load Diffie-Hellman Key mod/gen | X'0250' | x | x | x | x | x | x |
Combine Diffie-Hellman Key part | X'0251' | x | x | x | x | x | x |
Clear Diffie-Hellman Key values | X'0252' | x | x | x | x | x | x |
Unrestrict Combine Key Parts | X'027A' | x | x | x | x | x | x |
Import First AES Key Part (min of 2) | X'0298' | x | x | x | |||
Import Last Required AES Key Part | X'029B' | x | x | x | |||
Import Optional AES Key Part | X'029C' | x | x | x | |||
Complete AES Key Import | X'029D' | x | x | x | |||
Process cleartext ICSF key parts | X'02A0' | x | x | x | x | x | x |
Process enciphered ICSF key parts | X'02A1' | x | x | x | x | x | x |
RNX access control point | X'02A2' | x | x | x | x | x | x |
Session Key Master | X'02A3' | x | x | x | x | x | x |
Session Key Slave | X'02A4' | x | x | x | x | x | x |
Export Card Device Certificate | X'02A9' | x | x | x | x | x | x |
OA Proxy Key Generate | X'0344' | x | x | x | x | x | |
OA Proxy Signature Return | X'0345' | x | x | x | x | x | |
Open Migrate IBM Host Crypto Module Public Configuration Data | X'1003' | x | x | x | x | ||
Open Configuration Migration Tasks | X'1004' | x | x | x | x | ||
Open Smart Card Utility Program | X'1005' | x | x | x | x | ||
Open Trusted Key Entry | X'1006' | x | x | x | x | ||
Create Domain Group | X'1007' | x | x | x | x | ||
Change Domain Group | X'1008' | x | x | x | x | ||
Delete Domain Group | X'1009' | x | x | x | x | ||
Create Crypto Module Group | X'100A' | x | x | x | x | ||
Change Crypto Module Group | X'100B' | x | x | x | x | ||
Delete Crypto Module Group | X'100C' | x | x | x | x | ||
Open Edit TKE Files | X'100D' | x | x | x | x | ||
Open TKE File Management Utility | X'100E' | x | x | x | x | ||
Manage Host List | X'100F' | x | x | ||||
TKE USER | X'8002' | x | x |
KEYMAN1
ACP - Current description | Numeric value | Enabled in release TKE 5.0 to TKE 6.0 | Enabled in release TKE 7.0 | Enabled in release TKE 7.1 | Enabled in release TKE 7.2, TKE 7.3 | Enabled in release TKE 8.0 |
---|---|---|---|---|---|---|
***Required*** 0047 Change Own Passphrase | X'0047' | x | ||||
***Required*** 008E Generate Key | X'008E' | x | x | x | x | |
***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | x | x | |
***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | x | x | |
***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x | x | x |
***Required*** 011F RSA Decipher Clear Key | X'011F' | x | ||||
***Required*** 012A Encipher Data Using AES | X'012A' | x | ||||
***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | x | x | |
***Required*** 0203 Delete Retained Key | X'0203' | x | x | x | x | |
***Required*** 027D Permit Regeneration Data | X'027D' | x | ||||
***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | x | x | |
Load First Master Key Part | X'0018' | x | x | x | x | x |
Compute Verification Pattern | X'001D' | x | x | x | x | x |
Clear New Master Key Register | X'0032' | x | x | x | x | x |
Clear AES New Master Key Register | X'0124' | x | x | |||
Load First AES Master Key Part | X'0125' | x | x | |||
Open Cryptographic Node Management Utility | X'1002' | x | x | x |
KEYMAN2
ACP - Current description | Numeric value | Enabled in release TKE 5.0 to TKE 6.0 | Enabled in release TKE 7.0 | Enabled in release TKE 7.1 | Enabled in release TKE 7.2, TKE 7.3 | Enabled in release TKE 8.0 |
---|---|---|---|---|---|---|
***Required*** 0047 Change Own Passphrase | X'0047' | x | ||||
***Required*** 008E Generate Key | X'008E' | x | x | x | x | x |
***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | x | x | |
***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | x | x | |
***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x | x | x |
***Required*** 011F RSA Decipher Clear Key | X'011F' | x | ||||
***Required*** 012A Encipher Data Using AES | X'012A' | x | ||||
***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | x | x | |
***Required*** 0203 Delete Retained Key | X'0203' | x | x | x | x | |
***Required*** 027D Permit Regeneration Data | X'027D' | x | ||||
***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | x | x | |
Combine Master Key Parts | X'0019' | x | x | x | x | x |
Set Master Key | X'001A' | x | x | x | x | x |
Compute Verification Pattern | X'001D' | x | x | x | x | x |
Reencipher to Current Master Key | X'0090' | x | x | x | x | x |
Reencipher to Current Master Key2 | X'00F1' | x | x | |||
PKA96 Key Token Change | X'0102' | x | x | x | x | x |
Load Middle/Last AES Master Key Parts | X'0126' | x | x | |||
Set AES Master Key | X'0128' | x | x | |||
Open Cryptographic Node Management Utility | X'1002' | x | x | x |
DEFAULT role when initialized for use with passphrase profiles
ACP - Current description | Numeric value | Enabled in release TKE 5.0 to TKE 6.0 | Enabled in release TKE 7.0, TKE 7.1, TKE 7.2, TKE 7.3 | Enabled in release TKE 8.0 |
---|---|---|---|---|
***Required*** 0047 Change Own Passphrase | X'0047' | x | ||
***Required*** 008E Generate Key | X'008E' | x | ||
***Required*** 0100 PKA96 Digital Signature Generate | X'0100' | x | x | |
***Required*** 0103 PKA96 Key Generate | X'0103' | x | x | |
***Required*** 0116 Read Public Access-Control Information | X'0116' | x | x | x |
***Required*** 011F RSA Decipher Clear Key | X'011F' | x | ||
***Required*** 012A Encipher Data Using AES | X'012A' | x | ||
***Required*** 012B Symmetric Algorithm Decipher - secure AES keys | X'012B' | x | x | |
***Required*** 0203 Delete Retained Key | X'0203' | x | x | |
***Required*** 027D Permit Regeneration Data | X'027D' | x | ||
***Required*** 027E Permit Regeneration Data For Retained Keys | X'027E' | x | x | |
Compute Verification Pattern | X'001D' | x | x | x |
Reinitialize Device | X'0111' | x | x | x |
Export Card Device Certificate | X'02A9' | x | x | x |