Chapter 5
Developing and Administering Financial Services
143
Note –
Only FSSOs can initiate the commands listed in
TABLE 5-26
, and each
command must be entered with a direct input device.
TABLE 5-26
Financial Services Administrative Commands
Command
Description
key input
Enters the MFK or the KEKs. The direct input device must be used to enter this
command.
load mfk
Initiates the MFK key installation. After issuing this command, you can enter the
respective key component and log out. Subsequent
FSSO
s can then log in and
enter this command and enter their key component. Once the minimum number
of components (default 2) have been entered, the key is considered pending and
the device is disabled for everything other than key translation requests.
Unique FSSOs must enter each component, otherwise an error is reported.
The MFK is an AES key and must be either 192 or 256 bits in length. This
requires that the key components input with the direct input device be either 48
or 64 bytes in length.
enable mfk
Activates a new MFK and deletes the old one. Use this command after all
applications have translated their keys under the new MFK.
cancel mfk
Cancels the MFK. Must be initiated before entering all of the MFK components.
delete mfk
Deletes the MFK. Must be done before enabling a pending MFK. If there is a
previously enabled MFK, the board reverts to it.
load kek
Installs a KEK. You are prompted for a key label to associate with the key. The
KEK is installed in component form similar to the MFK, so after entering the first
component, you can log off. Additional security officers can then log in and enter
their respective components, then log off.
Unique FSSOs must enter each component otherwise an error is returned.
A KEK is a DES key and must be either 128 bits (2DES) or 192 bit (3DES) in
length. This requires that the key components input with the direct input device
be either 36 or 48 bytes in length.
cancel kek
Cancels a KEK. Must be done while entering a KEK and before all components
are entered.
Note that KEKs are only temporarily stored on the board. Once an application
retrieves the object, it is deleted. Additionally, KEKs are not preserved during a
board reset.
Содержание Crypto Accelerator 6000 Board
Страница 1: ...Sun Crypto Accelerator 6000 Board Version 1 1 User s Guide Part No E39851 01 February 2013...
Страница 16: ...xvi Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 18: ...xviii Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 21: ...Preface xxi...
Страница 22: ...xxii Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 54: ...32 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 118: ...96 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 210: ...188 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 228: ...206 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 242: ...220 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 256: ...234 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 260: ...238 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...
Страница 266: ...244 Sun Crypto Accelerator 6000 Board User s Guide for Version 1 1 February 2013...