z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Tables

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

  1. ICSF Callable Services Naming Conventions
  2. Standard Return Code Values From ICSF Callable Services
  3. Descriptions of Key Types
  4. Summary of Data Encryption Standard Bits
  5. Combinations of the Callable Services
  6. Summary of ICSF Callable Services
  7. Summary of PKA Key Token Sections
  8. Summary of PKA Callable Services
  9. Summary of PKCS #11 callable services
  10. Clear key import required hardware
  11. Control vector generate required hardware
  12. Keywords for Control Vector Translate
  13. Control vector translate required hardware
  14. Cryptographic variable encipher required hardware
  15. Required access control points for Data key export
  16. Data key export required hardware
  17. Required access control points for Data key import
  18. Data key import required hardware
  19. Rule Array Keywords for Diversified Key Generate
  20. Required access control points for Diversified Key Generate
  21. Diversified key generate required hardware
  22. Keywords for ECC Diffie-Hellman
  23. Valid key bit lengths and minimum curve size required for the supported output key types.
  24. ECC Diffie-Hellman required hardware
  25. Required access control points for Key Export
  26. Key export required hardware
  27. Key Form Values for the Key Generate Callable Service
  28. Key Length Values for the Key Generate Callable Service
  29. Key lengths for DES keys - CCF systems
  30. Key lengths for DES keys - PCIXCC/CEX2C/CEX3C systems
  31. Key lengths for AES keys - CEX2C/CEX3C systems
  32. Required access control points for Key Generate
  33. Key Generate Valid Key Types and Key Forms for a Single Key
  34. Key Generate Valid Key Types and Key Forms for a Key Pair
  35. Key generate required hardware
  36. Keywords for Key Generate2 Control Information
  37. Keywords and associated algorithms for key_type_1 parameter
  38. Keywords and associated algorithms for key_type_2 parameter
  39. Key Generate2 valid key type and key form for one key
  40. Key Generate2 Valid key type and key forms for two keys
  41. AES KEK strength required for generating an HMAC key under an AES KEK
  42. Required access control points for Key Generate2
  43. Key Generate2 required hardware
  44. Required access control points for Key Import
  45. Key import required hardware
  46. Keywords for Key Part Import Control Information
  47. Required access control points for Key Part Import
  48. Key part import required hardware
  49. Keywords for Key Part Import2 Control Information
  50. Required access control points for Key Part Import2
  51. Key Part Import2 required hardware
  52. Keywords for Key Test Control Information
  53. Key test required hardware
  54. Keywords for Key Test2 Control Information
  55. Key Test2 required hardware
  56. Keywords for Key Test Extended Control Information
  57. Key test extended required hardware
  58. Key type keywords for key token build
  59. Keywords for Key Token Build Control Information
  60. Key types and field lengths for AES keys
  61. Control Vector Generate and Key Token Build Control Vector Keyword Combinations
  62. Key token build required hardware
  63. Keywords for Key Token Build2 Control Information
  64. Key Token Build2 required hardware
  65. Key translate required hardware
  66. Key Translate2 Access Control Points
  67. Key Translate2 required hardware
  68. Keywords for Multiple Clear Key Import Rule Array Control Information
  69. Required access control points for Multiple Clear Key Import
  70. Multiple clear key import required hardware
  71. Keywords for Multiple Secure Key Import Rule Array Control Information
  72. Required access control points for Multiple Secure Key Import
  73. Multiple secure key import required hardware
  74. Keywords for PKA Decrypt
  75. PKA decrypt required hardware
  76. Keywords for PKA Encrypt
  77. PKA encrypt required hardware
  78. Prohibit export required hardware
  79. Prohibit export extended required hardware
  80. Keywords for the Form Parameter
  81. Keywords for Random Number Generate Control Information
  82. Random number generate required hardware
  83. Structure of values used by RKX
  84. Values defined for hash algorithm identifier at offset 24 in the structure for remote key export
  85. Transport_key_identifer used by RKX
  86. Examination of key token for source_key_identifier
  87. Remote key export required hardware
  88. Keywords for Restrict Key Attribute Control Information
  89. Restrict Key Attribute required hardware
  90. Required access control points for Secure Key Import
  91. Secure key import required hardware
  92. Keywords for Secure Key Import2 Control Information
  93. Required access control points for Secure Key Import2
  94. Secure Key Import2 required hardware
  95. Keywords for Symmetric Key Export Control Information
  96. AES EXPORTER strength required for exporting an HMAC key under an AES EXPORTER
  97. Minimum RSA modulus strength required to contain a PKOAEP2 block when exporting an AES key
  98. Minimum RSA modulus length to adequately protect an AES key
  99. Required access control points for Symmetric Key Export
  100. Symmetric key export required hardware
  101. Keywords for Symmetric Key Generate Control Information
  102. Required access control points for Symmetric Key Generate
  103. Symmetric key generate required hardware
  104. Keywords for Symmetric Key Import Control Information
  105. Required access control points for Symmetric Key Import
  106. Symmetric key import required hardware
  107. Keywords for Symmetric Key Import2 Control Information
  108. PKCS#1 OAEP encoded message layout (PKOAEP2)
  109. Symmetric Key Import2 Access Control Points
  110. Symmetric key import2 required hardware
  111. Transform CDMF key required hardware
  112. Rule_array keywords for Trusted Block Create (CSNDTBC)
  113. Required access control points for Trusted Block Create
  114. Trusted Block Create required hardware
  115. Keywords for TR-31 Export Rule Array Control Information
  116. TR-31 export required hardware
  117. Keywords for TR-31 Import Rule Array Control Information
  118. Export attributes of an imported CCA token
  119. TR-31 export required hardware
  120. TR-31 Optional Data Build required hardware
  121. Keywords for TR-31 Optional Data Read Rule Array Control Information
  122. TR-31 Optional Data Read required hardware
  123. TR-31 Parse required hardware
  124. Keywords for User Derived Key Control Information
  125. User derived key required hardware
  126. Ciphertext translate required hardware
  127. Keywords for the Decipher Rule Array Control Information
  128. Decipher required hardware
  129. Decode required hardware
  130. Keywords for the Encipher Rule Array Control Information
  131. Encipher required hardware
  132. Encode required hardware
  133. Symmetric Algorithm Decipher Rule Array Keywords
  134. Symmetric Algorithm Decipher required hardware
  135. Symmetric Algorithm Encipher Rule Array Keywords
  136. Symmetric Algorithm Encipher required hardware
  137. Symmetric Key Decipher Rule Array Keywords
  138. Required access control points for Symmetric Key Decipher
  139. Symmetric Key Decipher required hardware
  140. Symmetric Key Encipher Rule Array Keywords
  141. Required access control points for Symmetric Key Encipher
  142. Symmetric Key Encipher required hardware
  143. Keywords for HMAC Generate Control Information
  144. HMAC Generate Access Control Points
  145. HMAC generate required hardware
  146. Keywords for HMAC Verify Control Information
  147. HMAC Verify Access Control Points
  148. HMAC generate required hardware
  149. Keywords for MAC generate Control Information
  150. MAC generate required hardware
  151. Keywords for MAC verify Control Information
  152. MAC verify required hardware
  153. Keywords for MDC Generate Control Information
  154. MDC generate required hardware
  155. Keywords for One-Way Hash Generate Rule Array Control Information
  156. One-way hash generate required hardware
  157. Keywords for symmetric MAC generate control information
  158. Symmetric MAC generate required hardware
  159. Keywords for symmetric MAC verify control information
  160. Symmetric MAC verify required hardware
  161. ANSI X9.8 PIN - Allow only ANSI PIN blocks
  162. Format of a PIN Profile
  163. Format Values of PIN Blocks
  164. PIN Block Format and PIN Extraction Method Keywords
  165. Callable Services Affected by Enhanced PIN Security Mode
  166. Format of a Pad Digit
  167. Pad Digits for PIN Block Formats
  168. Format of the Current Key Serial Number Field
  169. Process Rules for the Clear PIN Encryption Callable Service
  170. Clear PIN encrypt required hardware
  171. Process Rules for the Clear PIN Generate Callable Service
  172. Array Elements for the Clear PIN Generate Callable Service
  173. Array Elements Required by the Process Rule
  174. Required access control points for Clear PIN Generate
  175. Clear PIN generate required hardware
  176. Rule Array Elements for the Clear PIN Generate Alternate Service
  177. Rule Array Keywords (First Element) for the Clear PIN Generate Alternate Service
  178. Data Array Elements for the Clear PIN Generate Alternate Service (IBM-PINO)
  179. Data Array Elements for the Clear PIN Generate Alternate Service (VISA-PVV)
  180. PIN Block Variant Constants (PBVCs)
  181. Required access control points for Clear PIN Generate Alternate
  182. Clear PIN generate alternate required hardware
  183. Keywords for CVV Key Combine Rule Array Control Information
  184. Key type combinations for the CVV key combine callable service
  185. Wrapping combinations for the CVV Combine Callable Service
  186. TR-31 export required hardware
  187. Process Rules for the Encrypted PIN Generate Callable Service
  188. Array Elements for the Encrypted PIN Generate Callable Service
  189. Array Elements Required by the Process Rule
  190. Required access control points for Encrypted PIN Generate
  191. Encrypted PIN generate required hardware
  192. Keywords for Encrypted PIN Translate
  193. Additional Names for PIN Formats
  194. PIN Block Variant Constants (PBVCs)
  195. Required access control points for Encrypted PIN Translate
  196. Encrypted PIN translate required hardware
  197. Keywords for Encrypted PIN Verify
  198. Array Elements for the Encrypted PIN Verify Callable Service
  199. Array Elements Required by the Process Rule
  200. PIN Block Variant Constants (PBVCs)
  201. Required access control points for Encrypted PIN Verify
  202. Encrypted PIN verify required hardware
  203. Rule Array Keywords for PIN Change/Unblock
  204. Required access control points for PIN Change/Unblock
  205. PIN Change/Unblock hardware
  206. Rule Array Keywords for Secure Messaging for Keys
  207. Secure messaging for keys required hardware
  208. Rule Array Keywords for Secure Messaging for PINs
  209. Secure messaging for PINs required hardware
  210. Keywords for SET Block Compose Control Information
  211. SET block compose required hardware
  212. Keywords for SET Block Compose Control Information
  213. Required access control points for PIN-block encrypting key
  214. SET block decompose required hardware
  215. Rule Array Keywords for Transaction Validation
  216. Output description for validation values
  217. Required access control points for Transaction Validation
  218. Transaction validation required hardware
  219. CVV Generate Rule Array Keywords
  220. VISA CVV service generate required hardware
  221. CVV Verify Rule Array Keywords
  222. VISA CVV service verify required hardware
  223. Keywords for Digital Signature Generate Control Information
  224. Digital signature generate required hardware
  225. Keywords for Digital Signature Verify Control Information
  226. Digital signature verify required hardware
  227. Keywords for PKA Key Generate Rule Array
  228. Required access control points for PKA Key Generate rule array keys
  229. PKA key generate required hardware
  230. Keywords for PKA Key Import
  231. PKA key import required hardware
  232. Keywords for PKA Key Token Build Control Information
  233. Key Value Structure Length Maximum Values for Key Types
  234. Key Value Structure Elements for PKA Key Token Build
  235. PKA key token build required hardware
  236. Rule Array Keywords for PKA Key Token Change
  237. PKA key token change required hardware
  238. Keywords for PKA Key Generate Rule Array
  239. Required access control points for PKA Key Translate
  240. Required access control points for source/target transport key combinations
  241. PKA key translate required hardware
  242. PKA public key extract build required hardware
  243. Retained key delete required hardware
  244. Retained key list required hardware
  245. CKDS record create required hardware
  246. CKDS Key Record Create2 required hardware
  247. CKDS record delete required hardware
  248. CKDS record read required hardware
  249. CKDS key record read2 required hardware
  250. CKDS record write required hardware
  251. CKDS key record write2 required hardware
  252. Coordinated CKDS administration required hardware
  253. PKDS key record create required hardware
  254. Keywords for PKDS Key Record Delete
  255. PKDS key record delete required hardware
  256. PKDS key record read required hardware
  257. Keywords for PKDS Key Record Write
  258. PKDS key record write required hardware
  259. Character/Nibble conversion required hardware
  260. Code conversion required hardware
  261. Keywords for ICSF Query Algorithm
  262. Output for ICSF Query Algorithm
  263. ICSF Query Algorithm required hardware
  264. Keywords for ICSF Query Service
  265. Output for option ICSFSTAT
  266. Output for option ICSFST2
  267. Output for option NUM-DECT
  268. Output for option STATAES
  269. Output for option STATCCA
  270. Output for option STATCCAE
  271. Output for option STATCARD
  272. Output for option STATDECT
  273. Output for option STATDIAG
  274. Output for option STATEID
  275. Output for option STATEXPT
  276. Output for option STATAPKA
  277. Output for option WRAPMTHD
  278. ICSF Query Service required hardware
  279. X9.9 data editing required hardware
  280. Keywords for PCI Interface Callable Service
  281. PCI Interface required hardware
  282. PKSC Interface required hardware
  283. ANSI X9.17 EDC generate required hardware
  284. Keywords for ANSI X9.17 Key Export Rule Array
  285. ANSI X9.17 key export required hardware
  286. Keywords for ANSI X9.17 Key Import Rule Array
  287. ANSI X9.17 key import required hardware
  288. Keywords for ANSI X9.17 Key Translate Rule Array
  289. ANSI X9.17 key translate required hardware
  290. ANSI X9.17 transport key partial notarize required hardware
  291. Keywords for derive multiple keys
  292. parms_list parameter format for SSL-KM and TLS-KM mechanisms
  293. parms_list parameter format for IKE1PHA1 mechanism
  294. parms_list parameter format for IKE2PHA1 mechanism
  295. parms_list parameter format for IKE1PHA2 and IKE2PHA2 mechanisms
  296. Keywords for derive key
  297. parms_list parameter format for PKCS-DH mechanism
  298. parms_list parameter format for SSL-MS, SSL-MSDH, TLS-MS, and TLS-MSDH mechanisms
  299. parms_list parameter format for EC-DH mechanism
  300. parms_list parameter format for IKESEED, IKESHARE, and IKEREKEY mechanisms
  301. Get attribute value processing for objects possessing sensitive attributes
  302. Keywords for generate secret key
  303. parms_list parameter format for SSL and TLS mechanism
  304. Keywords for generate HMAC
  305. chain_data parameter format
  306. Keywords for verify HMAC
  307. chain_data parameter format
  308. Keywords for one-way hash generate
  309. chain_data parameter format
  310. Keywords for private key sign
  311. Keywords for public key verify
  312. Keywords for derive multiple keys
  313. parms_list parameter format for TLS-PRF mechanism
  314. Authorization requirements for the set attribute value callable service
  315. Keywords for secret key decrypt
  316. initialization_vector parameter format for GCM mechanism
  317. chain_data parameter format
  318. Keywords for secret key encrypt
  319. initialization_vector parameter format for GCM mechanism
  320. initialization_vector parameter format for GCMIVGEN mechanism
  321. chain_data parameter format
  322. Authorization requirements for the token record create callable service
  323. Authorization requirements for the token record delete callable service
  324. Keywords for unwrap key
  325. Keywords for wrap key
  326. Return Codes
  327. Reason Codes for Return Code 0 (0)
  328. Reason Codes for Return Code 4 (4)
  329. Reason Codes for Return Code 8 (8)
  330. Reason Codes for Return Code C (12)
  331. Reason Codes for Return Code 10 (16)
  332. Internal Key Token Format
  333. Internal Key Token Format
  334. Format of External Key Tokens
  335. External RKX DES key-token format, version X'10'
  336. Format of Null Key Tokens
  337. Variable-length Symmetric Key Token
  338. HMAC Algorithm Key-usage fields
  339. AES Algorithm KEK Key-usage fields
  340. AES Algorithm Cipher Key Associated Data
  341. Variable-length Symmetric Null Token
  342. Format of PKA Null Key Tokens
  343. RSA Public Key Token
  344. RSA Private External Key Token Basic Record Format
  345. RSA Private Key Token, 1024-bit Modulus-Exponent External Format
  346. RSA Private Key Token, 4096-bit Modulus-Exponent External Format
  347. RSA Private Key Token, 4096-bit Chinese Remainder Theorem External Format
  348. RSA Private Internal Key Token Basic Record Format
  349. RSA Private Internal Key Token, 1024-bit ME Form for Cryptographic Coprocessor Feature
  350. RSA Private Internal Key Token, 1024-bit ME Form for PCICC, PCIXCC, CEX2C, or CEX3C
  351. RSA Private Internal Key Token, 4096-bit Chinese Remainder Theorem Internal Format
  352. DSS Public Key Token
  353. DSS Private External Key Token
  354. DSS Private Internal Key Token
  355. ECC Key Token Format
  356. Associated Data Format for ECC Private Key Token
  357. AESKW Wrapped Payload Format for ECC Private Key Token
  358. Trusted block header
  359. Trusted block trusted RSA public-key section (X'11')
  360. Trusted block rule section (X'12')
  361. Summary of trusted block rule subsection
  362. Transport key variant subsection (X'0001' of trusted block rule section (X'12')
  363. Transport key rule reference subsection (X'0002') of trusted block rule section (X'12')
  364. Common export key parameters subsection (X'0003') of trusted block rule section (X'12')
  365. Source key rule reference subsection (X'0004' of trusted block rule section (X'12')
  366. Export key CCA token parameters subsection (X'0005') of trusted block rule section (X'12')
  367. Trusted block key label (name) section X'13'
  368. Trusted block information section X'14'
  369. Summary of trusted block information subsections
  370. Protection information subsection (X'0001') of trusted block information section (X'14')
  371. Activation and expiration dates subsection (X'0002') of trusted block information section (X'14')
  372. Trusted block application-defined data section X'15'
  373. Default Control Vector Values
  374. PKA96 Clear DES Key Record
  375. EBCDIC to ASCII Default Conversion Table
  376. ASCII to EBCDIC Default Conversion Table
  377. Callable service access control points

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014