What is the functionality of ZMK or ZCMK in HSM? - hsm

I want to know in brief about Zone Master Key or Zone Control Master Key in Hardware/Host Security Module. Can someone explain please?

Zone Master Key (ZMK) is just another DES key. It is used to provide encryption and safe transfer of keys in the Zone, the area that encompasses 2 different HSMs.
HSM <-> Zone <-> HSM
If you want to transfer a key between HSMs you have to have the same ZMK in each HSM. Transferred keys are encrypted under the ZMK outside of the HSM, so the ZMK is an important key and it is generally transferred between HSMs in 3-component form.
First generate a ZMK, export the ZMK in 3 components, and send those components to the other HSM with 3 different key officers. Once the key officers have imported those 3 components into the other HSM, you are ready to send your keys to the other HSM.
You export your key under this ZMK and send your key (XKeyUnderZMK) to another HSM. They can import your key into their HSM because they have the same ZMK.
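
The 3-component transfer described in the answer above, as an added example that is not part of the original post and is not any HSM vendor's code. It assumes a double-length (16-byte) key and that components are combined by XOR; the answer states neither, and all function names are hypothetical.

```python
import secrets
from functools import reduce

KEY_LEN = 16  # assumption: double-length TDES ZMK (the answer only says "DES key")

def set_odd_parity(key):
    """Force DES odd parity: the low bit of every byte makes its 1-bit count odd."""
    return bytes((b & 0xFE) | (1 - bin(b >> 1).count("1") % 2) for b in key)

def has_odd_parity(key):
    return all(bin(b).count("1") % 2 == 1 for b in key)

def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

def generate_zmk():
    return set_odd_parity(secrets.token_bytes(KEY_LEN))

def split_zmk(zmk):
    """Return 3 components, one per key officer; all three are needed to rebuild."""
    if len(zmk) != KEY_LEN or not has_odd_parity(zmk):
        raise ValueError("ZMK must be 16 bytes with odd parity")
    c1 = set_odd_parity(secrets.token_bytes(KEY_LEN))
    c2 = set_odd_parity(secrets.token_bytes(KEY_LEN))
    # XOR of three odd-parity bytes is again odd parity, so c3 needs no adjustment.
    c3 = xor_bytes(xor_bytes(zmk, c1), c2)
    return [c1, c2, c3]

def combine_components(components):
    """What the receiving side does once all three officers have entered their part."""
    if len(components) != 3:
        raise ValueError("exactly 3 components required")
    for i, c in enumerate(components, 1):
        # A parity failure usually means a typing error during component entry.
        if len(c) != KEY_LEN or not has_odd_parity(c):
            raise ValueError(f"component {i} rejected: bad length or parity")
    return reduce(xor_bytes, components)

if __name__ == "__main__":
    zmk = generate_zmk()          # throwaway demo key, constructed here
    parts = split_zmk(zmk)
    for i, p in enumerate(parts, 1):
        print(f"officer {i}: {p.hex().upper()}")
    print("rebuilt ZMK matches:", combine_components(parts) == zmk)
```

Any one or two components are statistically independent of the ZMK, which is why each goes to a different key officer. In practice both sides also compare a key check value of the combined key; that needs a DES implementation and is left out here.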

Related

Is there a way to get the check digits of card master key or the session key used for arqc calculation from the chip card?

ARQC validation is not working. I understand there could be several reasons for that; I need to first confirm I have the correct issuer master key. Is it possible to get the check digits of the key (used in ARQC generation) from the chip application?
Yeah tough to analyze and correct, but unfortunately, KCV is available only for certification authority public key, not for card key or session key.

Editing or deleting a key ring from the console

This is a newbie security/console question... I created a key ring in my project in a specific (wrong) location, Europe.
I can't see any way in the console to edit or even delete a key ring. The key ring is completely empty...no keys in it.
How can I edit/delete a key ring?
Sorry, you can't delete or rename keys or key rings. We were concerned about the security implications of allowing multiple keys or key versions over time to have the same resource name, so we decided to make names immutable. (And you can't delete them, because we wouldn't be able to do a true deletion--there would still have to be a tombstone tracking that this name had been used and couldn't be reused).
We're aware that this can make things untidy, but we have no immediate plans to change this.
If you want to avoid getting billed for a key or otherwise make it unavailable, you can do so by deleting all the key versions; neither keys nor key rings are billed for, just the active key versions within the keys.
Thanks for your question and for using GCP and Cloud KMS!
Interesting. For comparison, on AWS keys have unique IDs and there is a separate resource to alias names to IDs.
Your question: How can I edit/delete a key ring?
Visit Destroy a key version. You can destroy an enabled or disabled key version. You may also disable and enable the KMS API. I just did it.

How to organize external API database relation keys in a database design?

I'm the sole developer of a football (soccer) website. Due to that, I bought access to a Football API that provides football data for all competitions my favorite team is in.
This API exposes what looks like database primary and foreign keys in their results. Fetching data is also done by integer IDs. The query string of a normal request would look like this:
?Action=commentaries&match_id=[MATCH_ID]
How should I store these kinds of API primary and foreign keys in my own database design? Does it make sense to adopt their MATCH_ID as the primary key in my own Match table, should I store it as a foreign key, or should I do this entirely different? Are there any best practices on external data dependencies?
This one API is the sole datasource at the moment, but that might change in the future.

couchbase per user data approach

Having a bit of trouble finding the correct way to model per-user data in Couchbase and sync up via Couchbase Mobile for user-specific data. In CouchDB you have a separate database per user. What is the best approach in Couchbase?
In Couchbase there is no such thing as "user data". It's generic and open for your designs.
Normally when you design your object domain model for Couchbase you would inject metadata in your key structure.
For example:
Key for Account: "Acc#123456789" - where prefix "Acc#" is telling about type of the key, and "123456789" adds particular address instance of this key...resulting in the unique key.
Similarly, if you want to encode the associated address of the account, you'd architect the following key: "Acc#123456789#Addr" - where postfix "#Addr" identifies the type of the key for the address object.
Now, if you want to have user specific keys, you just simply inject user identifier into the key value (from the example above):
key "Acc#123456789" will transform to "usr#12345#Acc#123456789"
key "Acc#123456789#Addr" will transform to "usr#12345#Acc#123456789#Addr"
Read more on Couchbase data modeling here and keys and metadata
You can create your documents in a way that makes it easy to retrieve all related entities, e.g.:
Create your documents with user_{Guid}, considering Guid as your UserID.
Make all other related documents with this same Guid, like credential_{Guid}, so when the user has logged in we can have the userID in the session and get all information of that user.

html5- mismatch in key value in session and local storage

Does local storage store all keys and values in common? I.e., if I use a key called counter in one page and the same key counter is used in another page to store a value, does the first one overwrite the next one? How does it actually work?
I found it. For each domain you can have only one key with a name. For example: for 199.63.166.222/localwebsite.html, it stores a key named Name, and if I use the same key in 199.63.166.222/private.html this will overwrite the value previously stored from localwebsite.html; this is because both pages are from the same domain.