What is the functionality of ZMK or ZCMK in HSM?

hsm
Md. Ilyas Hasan Mamun picture Md. Ilyas Hasan Mamun · Feb 24, 2017 · Viewed 12.2k times · Source

I want to know in brief about Zone Master Key or Zone Control Master Key in Hardware/Host Security Module.Can someone explain please?

Answer

Ahmet Arslan picture Ahmet Arslan · Feb 25, 2017

Zone Master Key(ZMK) is just another Des key. It is used to transfer keys between HSMs.

HSM <-> Zone <-> HSM

If you want to transfer a key between HSMs you have to have same ZMK in each HSM. Transfered keys are encrypted under ZMK outside of HSM so ZMK is important key and it generally transfered between HSMs in 3 component form. Firstly generate a ZMK key, Export ZMK in 3 components and send those components to other HSM with 3 different key officers. When key officers imported those 3 components to other Hsm you are ready to send your keys to other hsm. You export your key under this ZMK and send your key (XKeyUnderZMK) key to other HSM. They could import your key to their HSM because they have same zmk.

Related questions

Digital Signing using certificate and key from USB token

I want to sign a file using the user's key and certificate from a USB token (dongle). I have been searching on this for sometime, on stackoverflow and other sites, but didn't get anything useful apart from some good capabilities …

Read More
Software security Module/ toolkit replacing HSM for developing crypto functions

I worked and completed a PKI project which used a HSM for generating - storing keys and performing crypto functions. I used PKCS#11 to interface with our application for sigining/verifying and encryption/decryption. Our platform is windows. Now we …

Read More
How to generate certificate if private key is in HSM?

I often use openssl to generate RSA key and certificate. But now i encounter a problem. openssl x509 -req require private key as input. But now we're using HSM to protect private key and I'll never be able to touch …

Read More