8.1 Adding a PIN generation key

You require a PIN Generation key for PINs generated using the EdeficePinGenerator algorithm; this is not required for PINs generated using the RandomPINGenerator algorithm.

To add a PIN Generation key:

  1. From the Configuration category, select Key Manager.
  2. From the Select Key Type to Manage drop-down list, select PIN Generation Key.
  3. Click Next.

  4. Click Add New Key.

  5. Type the Key Name and Description.

    Take a note of the Key Name – you will need it when you set up the credential profile. See section 8.2, Credential profile setup for PIN generation.

  6. Select the type of encryption from the Encryption Type drop-down list.

    Choose one of the following options:

    • 2DES
    • 3DES – the EdeficePinGenerator PIN generator in the current version uses 3DES keys.
    • AES128
    • AES192
    • AES256

  7. Select one of the following options:

    • Automatically Generate Encryption Key in Software and Store on Database – the key is automatically generated and stored in the database.

      Note: If you select this option, you will be unable to share the key with a third party; therefore, you will be unable to generate the PINs outside MyID using the algorithm in section 8.3, EdeficePinGenerator PIN generation algorithm.

    • Encryption Key – type the key into the box. Optionally, you can include the KeyChecksum Value.

    • Automatically Generate Encryption Key on HSM and Store on HSM – this option generates a key on the HSM.

      Note: The HSM options appear only if your system is configured to use an HSM.

    • Existing HSM Key Label – if you have an existing key on your HSM that you want to use, type its label.
    • Use Key Ceremony – click Enter Keys and provide the key in multiple parts. Alternatively, click Import Keys and select a file containing the key ceremony data.

  8. Select the attributes for the key:

  9. Click Save.