It is highly recommended that the KMMK, SMK and ASYM-MK be equal.
This will facilitate migration to new features on crypto hardware.
If you are a new user and using Pass Phrase Initialization, ensure
that you answer Y for Signature MK = Key Management MK? on Figure 11. If using Clear Key Entry, make sure that you enter
the same value for your SMK and KMMK.
If you are an existing user and for some reason your KMMK does
not equal the SMK and ASYM-MK, you should follow this procedure. You
must have a PCICC on your system.
- Disable PKA services (see Steps for enabling and disabling PKA services).
- Determine the value of the SMK
- If you used Pass Phrase Initialization, go to the main menu and
and choose option 5, UTILITY. Select option 5, PPKEYS.
Figure 73. ICSF Utilities Panel
CSFUTL00 ---------------- ICSF - Utilities --------------------------
OPTION ===> 5
Enter the number of the desired option.
1 ENCODE - Encode data
2 DECODE - Decode data
3 RANDOM - Generate a random number
4 CHECKSUM - Generate a checksum and verification and
hash pattern
5 PPKEYS - Generate master key values from a pass phrase
6 PKDSKEYS - Manage keys in the PKDS
The Master Key Values from Pass Phrase panel appears
(Figure 74).
Figure 74. ICSF Master Key Values from Pass Phrase Panel
CSFPPM00 ------------ ICSF - Master Key Values from Pass Phrase -----
Pass Phrase ( 16 to 64 characters)
==>_________________________________________________________________
Signature/Asymmetric-keys master key : 0000000000000000
: 0000000000000000
: 0000000000000000
Key Management master key : 0000000000000000
: 0000000000000000
: 0000000000000000
Enter the previously used pass phrase and your SMK and
KMMK values will be displayed.
- If you used Master Key entry, you must retrieve the value from
your written files.
- Use the value of the SMK as the new KMMK and ASYM-MK values (see PKA master keys and the PKDS).
- Reencipher and Activate the PKDS (see Steps for reenciphering and refreshing the PKDS).
|