Once an LMTK is stored, it is possible to start storing TMKs under it. For more information on storing an LMTK, see the previous section. A wrapped TMK can be unwrapped and stored using the following steps:
After the LTMK has been stored, select the Store ANSI X9241 Key radio button.
Change the Key Algorithm and Key Type for this key. The following is an example of loading a TDES TMK.
Provide the wrapped TMK (hex-encoded) in the Encrypted Key field; the KCV for the TMK; the Bank ID to associate with the TMK, the token reference of the LTMK received when you previously stored the LTMK in the Parent Token field, and the necessary SAKA information (DID, Username, Password). The user must have KMC privilege, Decryption privilege, and Encryption privilege to authenticate to this web service.
Optionally, supply a Terminal ID to associate with this key, a Terminal Type to associate with this key, and any Notes to associate with this key.
When all required fields have been filled, the Submit button becomes enabled.
Click Submit. If successful, a message appears: “Successfully stored ANSI X9241 Key.”
Record the token returned in the output. SAKA uses this value to identify this LTMK.
NOTE: If you do not record the value now, you will have to store the LTMK all over again to use it for later operations. |
Following the same steps used in this section, a TPK can be loaded under the TMK by selecting the TPK Key Type and replacing the Parent Token with the token returned when the TMK was successfully stored. The user privileges and all other mechanics remain the same between loading a TMK or TPK.