Key Migration from ProtectToolkit-C V4.1
ProtectToolkit-C version 4.1 has introduced new key wrapping mechanisms to support algorithms that meet the minimum key requirements for NIST 2010.
The old algorithms are still supported, but may be disabled if the HSM is operating in FIPS mode.
The smart card and file backups data contains version information that allows the ctkmu or KMU to determine what mechanism should be applied to import that keys.
The ctkmu and KMU will by default produce backup images using the new mechanisms. The ctkmu utility has a -3 option that will cause it to create backup images using the older mechanism so that they can be imported into an older HSM.