Original Message:
Sent: Fri April 28, 2023 04:29 PM
From: Mark Vollmer
Subject: Could use some pointers on a Key Gen failed call
Follow up question...
I was successful in the BKGN call. OPEX (IMPORTER/EXPORTER). I provided a skeleton token for both keys. In the key build calls I did specify DOUBLE-O. Yet for some reason after the BKGN call is made the keys created do not have the DOUBLE-O attribute on the resulting keys.
For the EX/EXPORTER key, I performed an KIM(Key Import) using the corresponding import key used on the ID2 part of the BKGN call to get it back into internal form.
Create two tokens, one internal importer, one external exporter, both DOUBLE-O.
BKGN with OPEX IMPORTER, EXPORTER and the two token templates I just built.
BKIM to import the external EXPORTER key to get it into internal format.
Browsing CKDS, I find neither key has the DOUBLE-O attribute.
Either I'm doing something wrong, or what I want done can be completed this way.
Any thoughts would be appreciated.
Sincerely,
Mark Vollmer
All of my calls completed with zeroes.
But because I had specified DOUBLE-O on the key token build calls, I expected to see that attribute on the resulting keys generated.
Note: Using DES double length keys for everything at this time.
------------------------------
Mark Vollmer
Developer, but does everything.
CV Systems, LLC
Original Message:
Sent: Thu April 27, 2023 06:29 PM
From: Mark Vollmer
Subject: Could use some pointers on a Key Gen failed call
Thanks very much. Creating a KEK with a DOUBLE-O attribute did indeed get me past this problem.
Thanks for the hint. And thanks to Roan Dawkins for helping me navigate to more features under ICSF to help diagnose my problem.
I hope to return the favors some day.
------------------------------
Mark Vollmer
Developer, but does everything.
CV Systems, LLC
Original Message:
Sent: Thu April 27, 2023 05:27 PM
From: Eleanor Chan
Subject: Could use some pointers on a Key Gen failed call
The Key Management attributes for KEK_key_identifier_2 should list DOUBLE-O
Key Attributes
Algorithm: DES Key type: EXPORTER
Length (bits): 128 Key check value: EEDDD5 ENC-ZERO
Key Usage: GEN-IMEX GEN-OPEX GEN-EXEX EXPORT
Key Management: WRAP-ECB DOUBLE-O XPORT-OK T31XPTOK NOCMPTAG
------------------------------
Eleanor Chan
Original Message:
Sent: Thu April 27, 2023 09:00 AM
From: Eleanor Chan
Subject: Could use some pointers on a Key Gen failed call
Try using a KEK that's also DOUBLE-O or TRIPLE-O in the KEK_key_identifier_2 parameter.
------------------------------
Eleanor Chan
Original Message:
Sent: Wed April 26, 2023 03:33 PM
From: Mark Vollmer
Subject: Could use some pointers on a Key Gen failed call
I'm using BKGN to make a DES pair of keys using form OPEX, key types IMPORTER EXPORTER, key length DOUBLE-O. I've passed an exporter key label for the key id 2 for an internal token exporter key, and low values for the key id1. I've also set low values for both the generated key id values. I get back a 8/39 (A Control Vector Violation) error code for the call.
I've tried to pass a token I built (using key token build) in the gen key id 2 field, but that didn't change my error.
I'm just trying to build a key pair of importer & exporter matching keys.
I've read through the BKGN documentation several times. I'm missing something. I just can't see it.
Anyone who can point me in the right direction would be appreciated.
Thanks,
-Mark Vollmer
------------------------------
Mark Vollmer
Developer, but does everything.
CV Systems, LLC
------------------------------