Key Labels for Dependent LU Encryption
The key label when implementing session level encryption for dependent
LU sessions uses the the following naming convention:
CM@LU@IM.mynet1.cpnamea.puname.locaddr- CM is a constant prefix
- @ is a constant delimiter
- LU identifies an LU key-encrypting key
- IM identifies an importer key-encrypting key
- netid1.cpname1 is the fully qualified name of the local node where the key-encrypting key will be used
- puname is the PU name of the subarea or DLUR PU, as configured in Communications Server
- locaddr is the network addressable unit address or local address of the dependent LU. It has to be of the form nnn with possible values from 1 to 255 (for example, 001, 002, 003, . . ., 255)
Note:
For encryption of dependent LU sessions you only
need importer KEKs in the Communications Server node, because LUA sessions are always
secondary.