I'm reading PayShield docs and have stumbled upon a question regarding key management and LMK when importing keys:
- PayShield can store up to 20 LMKs. When performing commands (like A6 - Import a Key), how does the HSM know which LMK to use? As a parameter it only asks for a key type, but aren't key types the same for different LMKs (considering they're all variant)?
- Command import a key asks you to provide key already encrypted under ZMK, for example when transferring a key from one HSM to another. Is there a way to import plaintext unencrypted keys into an HSM? For example, I think of some random sequence and then try to import it into HSM. If not, can you somehow encrypt it under ZMK or must all such new keys be generated using appropriate HSM command?