CCA Release 2.54 Key_Import
Key_Import (CSNBKIM)
Platform/
Product
OS/2 AIX Win NT/
2000
OS/400
IBM 4758-2/23 X X X X
The Key_Import verb imports a source DES key enciphered by the IMPORTER
key-encrypting-key into a target internal key-token. The imported target-key is
returned enciphered using the symmetric master-key.
Specify the following:
Key_type
A keyword for the key type. Use of the TOKEN keyword is the preferred coding
style. For compatibility with older systems, however, you can explicitly name a
key type, in which case the key type must match the key type encoded in the
control vector of the source key-token.
source_key_token
An external key-token or an encrypted external key to be imported. When you
import an enciphered key that is not in an external key-token, the key must be
located at offset 16 (X'10') of a null key-token. (The first byte of a null
key-token is X'00'.)
importer_key_identifier
An IMPORTER key-encrypting-key under which the target key is deciphered.
target_key_identifier
An internal or null key-token, or the key label of an internal or null key-token
record in key storage.
The verb builds or updates the target key-token as follows:
If the source key is not in an external key-token,
– You must specify an explicit key type (not TOKEN).
– The default CV for the key type is used when decrypting the source key.
– The default CV for the key type is used when encrypting the target key.
– The target key-token must either be null or must contain valid,
non-conflicting information.
The key token is returned to the application or key storage with the imported
key.
If the source key is in an external key-token:
– When an explicit key type keyword other than TOKEN is used, it must be
consistent with the key type encoded in the source-key control vector.
– The control vector in the source key-token is used in decrypting the source
key.
– The control vector in the source key-token is used in encrypting the source
key under the master key. Note that a source key having the default
external DATA control vector (8 or 16 bytes of X'00') will result in a target
key with the default internal DATA control vector.
The key token is returned to the application or key storage with the imported
key.
Chapter 5. DES Key-Management 5-51
