payShield 10K Installation and User Guide
©Thales Group
Page 305
All Rights Reserved
Example 2:
(Triple-length
Variant LMK)
This example loads a triple-length Variant LMK from smartcards and installs it
as 'old' LMK 00.
Secure-AUTH>
LO
<Return>
Enter LMK id:
00
<Return>
Enter comments:
Old LMK for Process System One
<Return>
Load old LMK from components or shares
Insert card and press ENTER:
<Return>
Enter PIN:
********
<Return>
Check: AAAAAA
Load more components? [Y/N]:
Y
<Return>
Remove the smartcard. Insert the second and subsequent
smartcards and repeat the loading procedure until all old
component sets have been loaded. When all components have
been loaded and the HSM displays the LMK Check value,
ensure that this is the expected value.
LMK Check: ZZZZZZ
LMK id: 00
LMK key scheme: Variant
LMK algorithm: 3DES (3key)
LMK status: Live
Comments: Old LMK for Process System One
Confirm details? [Y/N]:
Y
<Return>
Secure-AUTH>
Example 3:
(Double- or triple-
length Variant
LMK)
This example attempts to load a non-Test LMK using a single component
when the security setting to enforce multiple components has been set to
YES.
Secure-AUTH>
LO
<Return>
Enter LMK id:
00
<Return>
Enter comments:
Old LMK for ABC Bank
<Return>
Load old LMK from components or shares
Insert card and press ENTER:
<Return>
Enter PIN:
********
<Return>
Check: AAAAAA
Load more components? [Y/N]:
N
<Return>
Check: AAAAAA
Invalid key - Multiple key components required
Secure-AUTH>
Example 4:
(3DES Key Block
LMK)
This example loads a 3DES key block LMK from smartcards and installs it as
'old' LMK 01.
Secure-AUTH>
LO
<Return>
Enter LMK id:
01
<Return>
Enter comments:
Old LMK for XYZ Bank
<Return>
Load old LMK from components or shares
Insert card and press ENTER:
<Return>
Enter PIN:
********
<Return>
Check: AAAAAA
Load more components? [Y/N]:
Y
<Return>
Remove the smartcard. Insert the second and subsequent
smartcards and repeat the loading procedure until all old
component sets have been loaded. When all components have
been loaded and the HSM displays the LMK Check value,
ensure that this is the expected value.