IBM Crypto Education Community

I'm trying to generate a DES key pair

key form: OPEX

key len: double-o

key type 1: exporter

key type 2: importer

key id 2: a label for an EXPORTER key 

the rest of the fields have low values.

I'm getting return 8 reason 39 (decimal) CV violation.

The only think I can think of is that the label I provided does not point to a key with some proper attribute.

Key Attributes                                                     
 Algorithm:      DES            Key type:        EXPORTER          
 Length (bits):  192            Key check value: xxxxxx    ENC-ZERO
 Key Usage:      GEN-IMEX GEN-OPEX GEN-EXEX EXPORT

Key Management: WRAPENH2 XPORT-OK ENH-ONLY T31XPTOK NOCMPTAG      

Can anyone help me find what I'm missing?

Sincerely,

Hello Mark -

Because your key len is double-o, your wrapping kek must also be double-o or triple-o.  The double-o or triple-o key lengths guarentee that the key parts are unique by turning on the "parts guaranteed unique" bit in the control vector. 

Key Attributes                                                         
 Algorithm:      DES            Key type:        EXPORTER              
 Length (bits):  192            Key check value: 70C982    ENC-ZERO    
 Key Usage:      GEN-IMEX GEN-OPEX GEN-EXEX EXPORT                
                                                                       
 Key Management: WRAPENH2 TRIPLE-O XPORT-OK ENH-ONLY T31XPTOK NOCMPTAG 

If you change key len to DOUBLE, your test should work.

I'm trying to generate a DES key pair

key form: OPEX

key len: double-o

key type 1: exporter

key type 2: importer

key id 2: a label for an EXPORTER key 

the rest of the fields have low values.

I'm getting return 8 reason 39 (decimal) CV violation.

The only think I can think of is that the label I provided does not point to a key with some proper attribute.

Key Attributes                                                     
 Algorithm:      DES            Key type:        EXPORTER          
 Length (bits):  192            Key check value: xxxxxx    ENC-ZERO
 Key Usage:      GEN-IMEX GEN-OPEX GEN-EXEX EXPORT

Key Management: WRAPENH2 XPORT-OK ENH-ONLY T31XPTOK NOCMPTAG      

Can anyone help me find what I'm missing?

Sincerely,

My export key in this case was created through ICSFPAN interface 8.1  (KGUP Control Statement Menu / Maintain)

I ADD a DES key with a LABEL and specify three unique key values. (Three of four values I retrieved from the screen for the RANDOM function of ODD values)  I'd think this qualifies for a TRIPLE-O type of key.

I can't also specify a length.  The panel gives me an error length, no matter the value I used.  I left it blank.

Where on this screen would I specify the TRIPLE-O parameter?  The resulting key did not get the TRIPLE-O attribute when it is created through this interface.

Sincerely,

------------------------------
Mark Vollmer
Developer, but does everything.
CV Systems, LLC

Original Message:
Sent: Wed February 28, 2024 09:19 AM
From: Eleanor Chan
Subject: I could use a little help with KGN (Key Gen)

Hello Mark -

Because your key len is double-o, your wrapping kek must also be double-o or triple-o.  The double-o or triple-o key lengths guarentee that the key parts are unique by turning on the "parts guaranteed unique" bit in the control vector. 

Key Attributes                                                         
 Algorithm:      DES            Key type:        EXPORTER              
 Length (bits):  192            Key check value: 70C982    ENC-ZERO    
 Key Usage:      GEN-IMEX GEN-OPEX GEN-EXEX EXPORT                
                                                                       
 Key Management: WRAPENH2 TRIPLE-O XPORT-OK ENH-ONLY T31XPTOK NOCMPTAG 

If you change key len to DOUBLE, your test should work.

------------------------------
Eleanor Chan

Original Message:
Sent: Tue February 27, 2024 05:50 PM
From: Mark Vollmer
Subject: I could use a little help with KGN (Key Gen)

I'm trying to generate a DES key pair

key form: OPEX

key len: double-o

key type 1: exporter

key type 2: importer

key id 2: a label for an EXPORTER key 

the rest of the fields have low values.

I'm getting return 8 reason 39 (decimal) CV violation.

The only think I can think of is that the label I provided does not point to a key with some proper attribute.

Key Attributes                                                     
 Algorithm:      DES            Key type:        EXPORTER          
 Length (bits):  192            Key check value: xxxxxx    ENC-ZERO
 Key Usage:      GEN-IMEX GEN-OPEX GEN-EXEX EXPORT

Key Management: WRAPENH2 XPORT-OK ENH-ONLY T31XPTOK NOCMPTAG      

Can anyone help me find what I'm missing?

Sincerely,

------------------------------
Mark Vollmer
Developer, but does everything.
CV Systems, LLC
------------------------------

Sample KGUP statements:

ADD TYPE(EXPORTER) CLEAR $TRIPLEO,                       
 KEY(4343434343434343,2C2C2C2C2C2C2C2C,1616161616161616),
 LAB(TEST.EXPORTER.TRIPLEO.CLEAR)                       

Not all keywords are available through the KGUP panel.  See the ICSF Administrator's Guide for additional keywords not available through the panel.
------------------------------
Eleanor Chan

Original Message:
Sent: Wed February 28, 2024 09:51 AM
From: Mark Vollmer
Subject: I could use a little help with KGN (Key Gen)

My export key in this case was created through ICSFPAN interface 8.1  (KGUP Control Statement Menu / Maintain)

I ADD a DES key with a LABEL and specify three unique key values. (Three of four values I retrieved from the screen for the RANDOM function of ODD values)  I'd think this qualifies for a TRIPLE-O type of key.

I can't also specify a length.  The panel gives me an error length, no matter the value I used.  I left it blank.

Where on this screen would I specify the TRIPLE-O parameter?  The resulting key did not get the TRIPLE-O attribute when it is created through this interface.

Sincerely,

------------------------------
Mark Vollmer
Developer, but does everything.
CV Systems, LLC

Original Message:
Sent: Wed February 28, 2024 09:19 AM
From: Eleanor Chan
Subject: I could use a little help with KGN (Key Gen)

Hello Mark -

Because your key len is double-o, your wrapping kek must also be double-o or triple-o.  The double-o or triple-o key lengths guarentee that the key parts are unique by turning on the "parts guaranteed unique" bit in the control vector. 

Key Attributes                                                         
 Algorithm:      DES            Key type:        EXPORTER              
 Length (bits):  192            Key check value: 70C982    ENC-ZERO    
 Key Usage:      GEN-IMEX GEN-OPEX GEN-EXEX EXPORT                
                                                                       
 Key Management: WRAPENH2 TRIPLE-O XPORT-OK ENH-ONLY T31XPTOK NOCMPTAG 

If you change key len to DOUBLE, your test should work.

------------------------------
Eleanor Chan

Original Message:
Sent: Tue February 27, 2024 05:50 PM
From: Mark Vollmer
Subject: I could use a little help with KGN (Key Gen)

I'm trying to generate a DES key pair

key form: OPEX

key len: double-o

key type 1: exporter

key type 2: importer

key id 2: a label for an EXPORTER key 

the rest of the fields have low values.

I'm getting return 8 reason 39 (decimal) CV violation.

The only think I can think of is that the label I provided does not point to a key with some proper attribute.

Key Attributes                                                     
 Algorithm:      DES            Key type:        EXPORTER          
 Length (bits):  192            Key check value: xxxxxx    ENC-ZERO
 Key Usage:      GEN-IMEX GEN-OPEX GEN-EXEX EXPORT

Key Management: WRAPENH2 XPORT-OK ENH-ONLY T31XPTOK NOCMPTAG      

Can anyone help me find what I'm missing?

Sincerely,

------------------------------
Mark Vollmer
Developer, but does everything.
CV Systems, LLC
------------------------------