The Key Authorization Menu Functions
The Key Authorization menu provides the following functions:
# | Function | Description |
---|---|---|
(210) | Authorize Key |
Authorize the current key for use. Provide the previously set authentication to unlock the key for the current session. |
(211) | Set Authorization Data |
Owner of the key sets the authorization (password) for that key. This session activity is not viewable by CO, CU, LCU, or anyone other than the actual key owner. This is effectively a "change password" operation, and requires knowing the current authorization. |
(212) | Reset Authorization Data |
CO resets the authorization for the key (password) on behalf of a key owner who has lost/forgotten the authorization for her/his key. This operation does not require possession of the key authorization secret or password. |
(213) | Assign Key |
When LCO has generated a key with assigned=0, extractable=0, sensitive=1, modifiable=0, the CO can change it to state assigned=1 giving sole control over that key to the User who owns it. This allows keys to be imported to the HSM and then signed (note: once assigned, a key cannot be exported ). |