Score:0

Clarification on the use of Key block Version ID with Thales HSM


Clarification on the use of Key block Version ID
For the first time since we migrated to the Key Block, we are exchanging keys with third parties. The keys were all generated by choosing Key Scheme "S". During export, as Key Scheme of the ZMK we selected "R". One of the counterparts is experiencing problems, and they believe the problem to be in the "Key Block version ID". From our analysis, all the keys have the value "A" as "Key Block version ID"; from the Thales documentation it seems that it is not possible to modify this value when the export is made through the console. Instead, you can parameterize it in the export host command.

Why are all keys output with "A"?

Is it a default value? How does this value impact the usage of the key?

It seems strange that it is not editable during export from the console.

Score:1

The Key Block version ID (also known as the Key Check Value or KCV) is a value that is generated during the key export process and is used as a checksum to verify the integrity of the exported key. The value A that you mentioned is a default value assigned by Thales when exporting keys.

The Key Block version ID is not directly editable during the export process from the console because it is automatically generated based on the exported key data. However, you may have the ability to specify or configure the Key Block version ID when using the export host command. The impact of the Key Block version ID on the usage of the key depends on how it is being used by the third party and their systems. In some cases, the Key Block version ID may be used to validate that the exported key matches the expected format and version. If the third party is experiencing problems, it's possible that they have specific requirements or expectations for the Key Block version ID. To resolve the issue, you should communicate with the third party and understand their specific requirements for the Key Block version ID. If necessary, you can work with them to adjust the export host command or explore alternative methods to export the keys with the desired Key Block version ID.

It's important to consult the Thales documentation or reach out to their support team for detailed information on how to handle the Key Block version ID and any limitations or customization options specific to your environment.

MaXbeMan
Thanks Mr; is there a link between the parameters setting during the generation phase and the KeyBlock version ID used for export?
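
For comparing what each side of the exchange sees, here is an added example (not part of the thread and not Thales code) that reads the clear header of an exported key block and reports its version ID. It assumes the ANSI TR-31 header layout and version IDs A to D, plus a leading scheme tag "R"; the function names are hypothetical and the sample blocks are constructed, with filler in place of key data and MAC.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: version IDs and MAC lengths (hex characters) as defined by ANSI TR-31.
VERSIONS = {
    "A": ("TDEA key variant binding, 2005 (deprecated)", 8),
    "B": ("TDEA key derivation binding", 16),
    "C": ("TDEA key variant binding", 8),
    "D": ("AES key derivation binding", 32),
}

@dataclass
class Header:
    version_id: str
    binding: str
    mac_hex_len: int
    length: int
    key_usage: str
    algorithm: str
    mode_of_use: str
    exportability: str

def parse_header(exported: str) -> Header:
    """Read the 16-character clear header; no key material is decrypted."""
    block = exported[1:] if exported.startswith("R") else exported  # drop scheme tag
    if len(block) < 16:
        raise ValueError("shorter than a key block header")
    if block[0] not in VERSIONS:
        raise ValueError(f"unknown key block version ID {block[0]!r}")
    if not block[1:5].isdigit() or int(block[1:5]) != len(block):
        raise ValueError("length field does not match the block received")
    binding, mac_len = VERSIONS[block[0]]
    return Header(block[0], binding, mac_len, int(block[1:5]),
                  block[5:7], block[7], block[8], block[11])

def version_mismatch(exported: str, accepted: set) -> Optional[str]:
    """Return a diagnostic if the receiver does not accept this version ID."""
    h = parse_header(exported)
    if h.version_id in accepted:
        return None
    return f"version ID {h.version_id} ({h.binding}) not in accepted {sorted(accepted)}"

# Constructed samples: well-formed header fields, filler for encrypted key data and MAC.
SAMPLE_A = "R" + "A0072P0TE00E0000" + "0" * 48 + "F" * 8
SAMPLE_B = "R" + "B0080P0TE00E0000" + "0" * 48 + "F" * 16

if __name__ == "__main__":
    print(parse_header(SAMPLE_A))
    print(version_mismatch(SAMPLE_A, {"B", "D"}))
```
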