Jul 5, 2016 at 7:58 AM
Dear all,

I am a newbie to Thales HSM.

I need three 128-bit keys: TPK, TMK and a base key. The TPK and TMK need to be transmitted from the server side to the client side over the network, so they will be encrypted before transmission. The TPK will be encrypted by the TMK, and the TMK will be encrypted by the base key. The base key will be sent to the client manually. The client side cannot communicate with the HSM.

I am not sure how to generate the above 3 keys from the HSM. Is it done using A0, HC, a combination of both, or some other commands? Are the TMK and TPK generated by the HSM in encrypted form, or do I need to encrypt them myself before transmitting them over the network? If they are in encrypted form, is it possible to follow the scheme mentioned above, base[TMK[TPK]]?

Thanks in advance for all your help.

Jul 5, 2016 at 8:25 AM
In addition to my previous post, the plain-form TPK will be used to encrypt data on the client side.

Secondly, I am afraid the key terminology will confuse the description in my previous post. Actually, I need 3 keys from the HSM. Key2 and Key3 will be sent from the server side to the client side over the network. Key2 and Key3 will be encrypted before transmission. Key3 is encrypted by Key2, and Key2 will be encrypted by Key1: Key1[Key2[Key3]].

