hsm

What is the functionality of ZMK or ZCMK in HSM?


I want to know in brief about Zone Master Key or Zone Control Master Key in Hardware/Host Security Module.Can someone explain please?


Solution

  • Zone Master Key(ZMK) is just another Des key. It is used to provide encryption and safe transfer of keys in Zone that area that encompasses 2 different HSMs.

    HSM <-> Zone <-> HSM

    If you want to transfer a key between HSMs you have to have the same ZMK in each HSM. Transferred keys are encrypted under ZMK outside of HSM so ZMK is an important key and it is generally transferred between HSMs in 3 component form. Firstly generate a ZMK key, Export ZMK in 3 components, and send those components to other HSM with 3 different key officers. When key officers imported those 3 components to other Hsm you are ready to send your keys to other HSM. You export your key under this ZMK and send your key (XKeyUnderZMK) key to another HSM. They could import your key to their HSM because they have the same ZMK.