The values for the DES and PKA master keys are calculated
in this manner:
- ICSF appends a two-byte constant, X'AB45', to the pass
phrase, and generates the MD5 hash for the string by using an initial
hash value of X'23A0BE487D9BD32003424FAAA34BCE00'. The first
eight bytes of the result of this calculation become the last
eight bytes of the PKA signature master key and the last eight
bytes of the calculation become the last eight bytes of the PKA
key management master key.
- ICSF generates the DES master key value by appending a four-byte
constant, X'551B1B1B', to the pass phrase, and generating
the MD5 hash for the string using the hash that results from Step
1 as the initial hash value.
- ICSF appends a three-byte constant, X'2A2A88', to the
pass phrase and generates the MD5 hash for the string using the output
hash of Step 2 as the initial hash value. The result of this calculation
becomes the first 16 bytes of PKA signature master key.
- ICSF appends a one-byte constant, X'94' to the pass
phrase, and generates the MD5 hash for the string using the output
hash of Step 3 as the initial hash value. The result of this calculation
becomes the first 16 bytes of the PKA key management master key.
- ICSF appends a five-byte constant X'C1C5E2D4D2' to the
pass phrase, and generates the SHA-256 hash for the string using the
output hash of Step 4 as the initial hash value. The result of this
calculation becomes the 32-byte AES master key.
- ICSF appends a seven-byte constant X'C5D3D3C9D7E2C5' to the pass
phrase and generates the SHA-256 hash for the string using the output
hash of Step 5 as the initial hash value. The result of this calculation
becomes the 32-byte ECC master key.
Note:
If the SMK=KMMK option is selected or defaulted,
the KMMK is not used.
|