Without a TKE, I don't think there is any other method. If you do have a TKE, there is a very nice and very secure method of completely cloning everything from one crypto card to another one. This was added a couple of releases ago. Here is the beginning of the description from the current TKE user's guide (which I just retrieved from Resource Link):
------------------------------- Configuration migration The TKE workstation provides tools to securely capture host crypto module configuration data to a file, and then reapply this data to another host crypto module or crypto module group. The data that can be securely captured includes roles, authorities, domain control settings, and master keys. These tools simplify the task of installing new or replacement host crypto modules, and can be used for backup and disaster recovery as well. Two tools are provided: one that migrates only public configuration data (roles, authorities, domain control settings) and one that migrates all configuration data, including secret data, such as master key values. The protocol for migrating secret data is more complex than the protocol for migrating only public data, and requires the participation of several smart card holders. ------------------------------- Todd Arnold ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
