Copy smart cards

z/OS Cryptographic Services ICSF TKE Workstation User's Guide
SA23-2211-08


This function allows you to copy keys and key parts from one TKE smart card to another TKE smart card. You can copy these types of keys:

• Crypto adapter logon key
• TKE authority signature key
• ICSF operational key parts
• ICSF master key parts
• Crypto adapter master key parts

Notes:

1. The two TKE smart cards must be enrolled in the same zone; otherwise the copy will fail. To display the zone of a TKE smart card, exit from the TKE application and use either the Cryptographic Node Management Utility or the Smart Card Utility Program found in the Trusted Key Entry category's Applications list on the TKE Workstation Console. See Cryptographic Node Management Utility (CNM) or Smart Card Utility Program (SCUP).
2. To copy ECC key parts, the applet version of the target smart card must be 0.6 or greater.

To copy a smart card:

1. Select Copy smart card contents... from the Utilities menu. A message box prompts you to “Insert source TKE smart card in smart card reader 1”.
2. Insert the source TKE smart card in smart card reader 1 and press OK. A message box prompts you to “Insert target TKE smart card in smart card reader 2”.
3. Insert the target TKE smart card in smart card reader 2 and press OK. The utility reads the TKE smart card contents. This may take some time. The card ID is displayed, followed by the card description. Verify that these are the TKE smart cards you want to work with.
   The Copy smart card contents window lists the following information for a TKE smart card:
   

   Card ID

   Identification of TKE smart card

   Zone description

   Description of the zone in which the TKE smart card is enrolled

   Card description

   Description of the TKE smart card; entered when the smart card was personalized

   Card contents

   Key type, Description, Origin, MDC4, SHA1, ENC-Zero, AES-VP, Control Vector or Key Attributes (for operational keys only), and Length.

4. Highlight the keys that you want to copy. By holding down the control button on the keyboard, you can select specific entries on the list with your mouse. By holding down the shift button on the keyboard, you can select a specific range of entries on the list with your mouse. Click on the Copy button or right click and select Copy.
   Note:

   Smart card copy does not overwrite the target TKE smart card. If there is not enough room on the target TKE smart card, you will get an error message. You can either delete some of the keys on the target TKE smart card (see Manage smart cards) or use a different TKE smart card.
   Figure 86. Select keys to copy

   
5. At the prompts, enter the PINs for the TKE smart cards on the smart card reader PIN pads. The keys will then be copied to the target TKE smart card. The target TKE smart card contents panel is refreshed.

Note:

You can display the key attributes associated with a CIPHER, EXPORTER, or IMPORTER AES operational key part stored on either the source or target smart card. Left click to select the key part, then right click to display a popup menu. Select the Display key attributes option to display the key attributes.