IBM Crypto Education Community

  • 1.  I could use a little help with KGN (Key Gen)

    Posted Tue February 27, 2024 06:07 PM

    I'm trying to generate a DES key pair

    key form: OPEX

    key len: double-o

    key type 1: exporter

    key type 2: importer

    key id 2: a label for an EXPORTER key 

    the rest of the fields have low values.

    I'm getting return 8 reason 39 (decimal) CV violation.

    The only think I can think of is that the label I provided does not point to a key with some proper attribute.

    Key Attributes                                                     
     Algorithm:      DES            Key type:        EXPORTER          
     Length (bits):  192            Key check value: xxxxxx    ENC-ZERO
     Key Usage:      GEN-IMEX GEN-OPEX GEN-EXEX EXPORT

    Key Management: WRAPENH2 XPORT-OK ENH-ONLY T31XPTOK NOCMPTAG      

    Can anyone help me find what I'm missing?

    Sincerely,



    ------------------------------
    Mark Vollmer
    Developer, but does everything.
    CV Systems, LLC
    ------------------------------


  • 2.  RE: I could use a little help with KGN (Key Gen)

    Posted Wed February 28, 2024 09:20 AM

    Hello Mark -

    Because your key len is double-o, your wrapping kek must also be double-o or triple-o.  The double-o or triple-o key lengths guarentee that the key parts are unique by turning on the "parts guaranteed unique" bit in the control vector. 

    Key Attributes                                                         
     Algorithm:      DES            Key type:        EXPORTER              
     Length (bits):  192            Key check value: 70C982    ENC-ZERO    
     Key Usage:      GEN-IMEX GEN-OPEX GEN-EXEX EXPORT                
                                                                           
     Key Management: WRAPENH2 TRIPLE-O XPORT-OK ENH-ONLY T31XPTOK NOCMPTAG 

    If you change key len to DOUBLE, your test should work.



    ------------------------------
    Eleanor Chan
    ------------------------------



  • 3.  RE: I could use a little help with KGN (Key Gen)

    Posted Wed February 28, 2024 10:05 AM

    My export key in this case was created through ICSFPAN interface 8.1  (KGUP Control Statement Menu / Maintain)

    I ADD a DES key with a LABEL and specify three unique key values. (Three of four values I retrieved from the screen for the RANDOM function of ODD values)  I'd think this qualifies for a TRIPLE-O type of key.

    I can't also specify a length.  The panel gives me an error length, no matter the value I used.  I left it blank.

    Where on this screen would I specify the TRIPLE-O parameter?  The resulting key did not get the TRIPLE-O attribute when it is created through this interface.

    Sincerely,



    ------------------------------
    Mark Vollmer
    Developer, but does everything.
    CV Systems, LLC
    ------------------------------



  • 4.  RE: I could use a little help with KGN (Key Gen)

    Posted Wed February 28, 2024 10:11 AM
    Edited by Eleanor Chan Wed February 28, 2024 10:11 AM

    Sample KGUP statements:

    ADD TYPE(EXPORTER) CLEAR $TRIPLEO,                       
     KEY(4343434343434343,2C2C2C2C2C2C2C2C,1616161616161616),
     LAB(TEST.EXPORTER.TRIPLEO.CLEAR)                       


    Not all keywords are available through the KGUP panel.  See the ICSF Administrator's Guide for additional keywords not available through the panel.
    ------------------------------
    Eleanor Chan
    ------------------------------



  • 5.  RE: I could use a little help with KGN (Key Gen)

    Posted Wed February 28, 2024 10:35 AM

    Ms Chan,

    Thanks very much.   I did not get the idea that I should create the cards from the 8.1 screen, and then edit those cards elsewhere to add the $TRIPLEO and perhaps other attributes to the dataset.  And then come back into the ICSFPAN 8 KGUP feature to submit the job.

    I so appreciate all this help. 

    Thanks again.

    Sincerely,



    ------------------------------
    Mark Vollmer
    Developer, but does everything.
    CV Systems, LLC
    ------------------------------