Use the ICSF panels to display the coprocessor role for the coprocessor.
All the access control points enabled will be listed.
- Select option 1, COPROCESSOR MGMT, on the Primary Option panel,
as shown in Figure 189.
Figure 189. Selecting for Coprocessor Status on the Primary Menu Panel
CSF@PRIM ----- Integrated Cryptographic Service Facility ---------
OPTION ===> 1
Enter the number of the desired option.
1 COPROCESSOR MGMT - Management of Cryptographic Coprocessors
2 MASTER KEY MGMT - Master key set or change, CKDS/PKDS processing
3 OPSTAT - Installation options
4 ADMINCNTL - Administrative Control Functions
5 UTILITY - ICSF Utilities
6 PPINIT - Pass Phrase Master Key/KDS Initialization
7 TKE - TKE Master and Operational key processing
8 KGUP - Key Generator Utility processes
9 UDX MGMT - Management of User Defined Extensions
Licensed Materials - Property of IBM
5694-A01 (C) Copyright IBM Corp. 1990, 2011. All rights reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Press ENTER to go to the selected option.
Press END to exit to the previous menu.
- The Coprocessor Management panel appears. Refer to Figure 190.
Figure 190. Coprocessor Management Panel
CSFGCMP0 ---------------- ICSF Coprocessor Management -------------
COMMAND ===>
Select the coprocessors to be processed and press ENTER.
Action characters are: A, D, E, K, R, and S. See the help panel for details.
Serial
CoProcessor Number Status AES DES ECC RSA
----------- --------- ------ --- --- --- ----
__ H00 ACTIVE
__ G01 00000001 ONLINE U U U U
__ G02 00000002 ACTIVE C U U C
__ G03 00000003 ACTIVE C U A C
R G04 00000004 ACTIVE C C A C
__ G05 00000005 ONLINE U C E U
__ E06 00000006 ACTIVE C C - C
__ G07 00000007 OFFLINE
- Select the PCIXCC, CEX2C, or CEX3C by entering an 'R'
to the left of the coprocessor. Press enter and the Status Display
panel appears (Figure 191).
Figure 191. Coprocessor Role Status Displayed for a system without TKE connected
CSFCMP30 ---------------- ICSF Status Display -------------
COMMAND ===>
Enabled access control points from the default role for X02, domain 0.
Access Control Manager - Read role
Authorize UDX
Clear Key Import/Multiple Clear Key Import - DES
Clear New AES Master Key
Clear New DES Master Key Register
Clear new ECC Master Key Register
Clear new RSA Master Key Register
Clear PIN Encrypt
Clear PIN Generate - GBP
Clear PIN Generate - Interbank
Clear PIN Generate - VISA PVV
Clear PIN Generate - 3624
Clear PIN Generate Alternate - VISA PVV
Clear PIN Generate Alternate - 3624 Offset
Combine AES Master Key Parts
Combine DES Master Key Parts
Combine RSA Master Key Parts
Control Vector Translate
Cryptographic Variable Encipher
Data Key Export
Data Key Export - Unrestricted
Data Key Import
Data Key Import - Unrestricted
Decipher - DES
Digital Signature Generate
Digital Signature Verify
Diversified Key Generate - single length or same halves
Diversified Key Generate - CLR8-ENC
Diversified Key Generate - SESS-XOR
Diversified Key Generate - TDES-DEC
Diversified Key Generate - TDES-ENC
Diversified Key Generate - TDES-XOR
Diversified Key Generate - TDESEMV2/TDESEMV4
DATAM Key Management Control
DES Key Token Change
Encipher - DES
Encrypted PIN Generate - GBP
Encrypted PIN Generate - Interbank
Encrypted PIN Generate - 3624
Encrypted PIN Translate - Reformat
Encrypted PIN Translate - Translate
Encrypted PIN Verify - GBP
Encrypted PIN Verify - Interbank
Encrypted PIN Verify - VISA PVV
Encrypted PIN Verify - 3624
Generate CVV
Key Export
Key Export - Unrestricted
Key Generate - OP,IM,EX
Key Generate - OPIM,OPEX,IMEX,etc.
Key Generate - OPIM,OPEX,IMEX,etc. extended
Key Generate - SINGLE-R
Figure 192. Coprocessor Role Status Displayed for a system without TKE connected - part 2
CSFCMP30 ---------------- ICSF Status Display -------------
COMMAND ===>
Key Import
Key Import - Unrestricted
Key Part Import - first key part
Key Part Import - middle and last
Key Part Import - ADD-PART
Key Part Import - COMPLETE
Key Part Import - RETRKPR
Key Part Import - Unrestricted
Key Test
Key Translate
Load First AES Master Key Part
Load First DES Master Key Part
Load First ECC Master Key Part
Load First RSA Master Key Part
Load Middle or Last ECC Master Key Part
Multiple Clear Key Import/Multiple Secure Key Import - AES
MAC Generate
MAC Verify
NOCV KEK usage for export-related functions
NOCV KEK usage for import-related functions
Prohibit Export
Prohibit Export Extended
PCF CKDS conversion utility
PIN Change/Unblock - change EMV PIN with IPINENC
PIN Change/Unblock - change EMV PIN with OPINENC
PKA Decrypt
PKA Encrypt
PKA Key Generate
PKA Key Generate - Clear
PKA Key Generate - Clone
PKA Key Generate - Permit Regeneration Data
PKA Key Generate - Permit Regeneration Data Retain
PKA Key Import
PKA Key Import - Import an External Trusted Block
PKA Key Token Change RTCMK
PKA Key Translate - from source EXP KEK to target EXP KEK
PKA Key Translate - from source IMP KEK to target EXP KEK
PKA Key Translate - from source IMP KEK to target IMP KEK
PKA Key Translate - from CCA RSA to SC CRT Format
PKA Key Translate - from CCA RSA to SC ME Format
PKA Key Translate - from CCA RSA to SC Visa Format
Reencipher CKDS
Remote Key Export - Gen or export a non-CCA node Key
Retained Key Delete
Retained Key List
Secure Key Import - DES,IM
Secure Key Import - DES,OP
Secure Messaging for Keys
Secure Messaging for PINs
Figure 193. Coprocessor Role Status Displayed for a system without TKE connected – part 3
Set AES Master Key
Set DES Master Key
Set ECC Master Key
Set RSA Master Key
Symmetric Algorithm Decipher - secure AES keys
Symmetric Algorithm Encipher - secure AES keys
Symmetric Key Export - AES, PKCSOAEP, PKCS-1.2
Symmetric Key Export - AES, ZERO-PAD
Symmetric Key Export - DES, PKCS-1.2
Symmetric Key Export - DES, ZERO-PAD
Symmetric Key Generate - AES, PKCSOAEP, PKCS-1.2
Symmetric Key Generate - AES, ZERO-PAD
Symmetric Key Generate - DES, PKA92
Symmetric Key Generate - DES, PKCS-1.2
Symmetric Key Generate - DES, ZERO-PAD
Symmetric Key Import - AES, PKCSOAEP, PKCS-1.2
Symmetric Key Import - AES, ZERO-PAD
Symmetric Key Import - DES, PKA92 KEK
Symmetric Key Import - DES, PKCS-1.2
Symmetric Key Import - DES, ZERO-PAD
SET Block Compose
SET Block Decompose
SET Block Decompose - PIN Extension IPINENC
SET Block Decompose - PIN Extension OPINENC
Transaction Validation - Generate
Transaction Validation - Verify CSC-3
Transaction Validation - Verify CSC-4
Transaction Validation - Verify CSC-5
Trusted Block Create - Activate an Inactive Block
Trusted Block Create - Create Block in Inactive form
UKPT - PIN Verify, PIN Translate
Verify CVV
|