z/OS Cryptographic Services ICSF Administrator's Guide


Algorithm for calculating a verification pattern

SA22-7521-17

To enter a master key or operational key manually, you enter key parts. When you enter a key part, ICSF displays a verification pattern for that key part on a panel. To verify that you entered the key part correctly, you can use the value of the key part you entered to calculate the verification pattern yourself. Check that the verification pattern you calculate matches the verification pattern ICSF calculates.

To calculate this verification pattern, use this algorithm:

  1. If the key part is an operational key part, exclusive OR the key part with the control vector for the key part's key type. See Appendix B. Control Vector Table, for a listing of control vectors by key type. If the key part is a master key part, do not exclusive OR it with a control vector.
  2. Use the DES algorithm to encrypt the left half of the key part (either master key part or modified operational key part) under the key 4545 4545 4545 4545.
  3. Exclusive OR the result of step 2 with the left half of the key part.
  4. Use the result of step 3 as the DES key in the DES algorithm to encrypt the right half of the key part.
  5. Exclusive OR the result of step 4 with the right half of the key part.

The resulting 64-bit value is the verification pattern.
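The five steps above, written out as an added Go example using the standard library's `crypto/des`; it is not IBM's code and not part of the original guide. It assumes a 16-byte key part and a 16-byte control vector, and the function names and sample key part are constructed for illustration.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
)

var step2Key = []byte{0x45, 0x45, 0x45, 0x45, 0x45, 0x45, 0x45, 0x45} // fixed DES key from step 2

// desEncryptBlock encrypts one 8-byte block; crypto/des ignores key parity bits.
func desEncryptBlock(key, block []byte) []byte {
	c, err := des.NewCipher(key)
	if err != nil {
		panic(err) // only reachable if key is not 8 bytes
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out
}

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// VerificationPattern applies steps 1-5 to a 16-byte key part (assumed length).
// Pass the 16-byte control vector for an operational key part, nil for a master key part.
func VerificationPattern(keyPart, cv []byte) ([]byte, error) {
	if len(keyPart) != 16 || (cv != nil && len(cv) != 16) {
		return nil, errors.New("key part and control vector must be 16 bytes")
	}
	if cv != nil {
		keyPart = xorBytes(keyPart, cv) // step 1
	}
	left, right := keyPart[:8], keyPart[8:]
	s3 := xorBytes(desEncryptBlock(step2Key, left), left)   // steps 2 and 3
	return xorBytes(desEncryptBlock(s3, right), right), nil // steps 4 and 5
}

func main() {
	kp, _ := hex.DecodeString("0123456789abcdeffedcba9876543210") // constructed sample, not a real key
	vp, _ := VerificationPattern(kp, nil)
	fmt.Printf("master key part verification pattern: %X\n", vp)
}
```

Compare the hexadecimal output with the verification pattern ICSF displays for the same key part.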

The verification pattern for the master key appears on the Coprocessor Selection and Hardware Status panels. If a master key register is full, the panels display the master key verification pattern. The verification patterns for two identical master keys are the same. You can use the verification patterns to verify that master keys in two different key storage units are the same.

ICSF records a master key verification pattern in the SMF record when you enter a master key part or activate a master key. The ICSF SMF record also records a verification pattern when you enter an operational key part.





Copyright IBM Corporation 1990, 2014