z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic
|
Next topic
|
Contents
|
Index
|
Contact z/OS
|
Library
|
PDF
Tables
z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16
ICSF Callable Services Naming Conventions
Standard Return Code Values From ICSF Callable Services
Descriptions of Key Types
Summary of Data Encryption Standard Bits
Combinations of the Callable Services
Summary of ICSF Callable Services
Summary of PKA Key Token Sections
Summary of PKA Callable Services
Summary of PKCS #11 callable services
Clear key import required hardware
Control vector generate required hardware
Keywords for Control Vector Translate
Control vector translate required hardware
Cryptographic variable encipher required hardware
Required access control points for Data key export
Data key export required hardware
Required access control points for Data key import
Data key import required hardware
Rule Array Keywords for Diversified Key Generate
Required access control points for Diversified Key Generate
Diversified key generate required hardware
Keywords for ECC Diffie-Hellman
Valid key bit lengths and minimum curve size required for the supported output key types.
ECC Diffie-Hellman required hardware
Required access control points for Key Export
Key export required hardware
Key Form Values for the Key Generate Callable Service
Key Length Values for the Key Generate Callable Service
Key lengths for DES keys - CCF systems
Key lengths for DES keys - PCIXCC/CEX2C/CEX3C systems
Key lengths for AES keys - CEX2C/CEX3C systems
Required access control points for Key Generate
Key Generate Valid Key Types and Key Forms for a Single Key
Key Generate Valid Key Types and Key Forms for a Key Pair
Key generate required hardware
Keywords for Key Generate2 Control Information
Keywords and associated algorithms for key_type_1 parameter
Keywords and associated algorithms for key_type_2 parameter
Key Generate2 valid key type and key form for one key
Key Generate2 Valid key type and key forms for two keys
AES KEK strength required for generating an HMAC key under an AES KEK
Required access control points for Key Generate2
Key Generate2 required hardware
Required access control points for Key Import
Key import required hardware
Keywords for Key Part Import Control Information
Required access control points for Key Part Import
Key part import required hardware
Keywords for Key Part Import2 Control Information
Required access control points for Key Part Import2
Key Part Import2 required hardware
Keywords for Key Test Control Information
Key test required hardware
Keywords for Key Test2 Control Information
Key Test2 required hardware
Keywords for Key Test Extended Control Information
Key test extended required hardware
Key type keywords for key token build
Keywords for Key Token Build Control Information
Key types and field lengths for AES keys
Control Vector Generate and Key Token Build Control Vector Keyword Combinations
Key token build required hardware
Keywords for Key Token Build2 Control Information
Key Token Build2 required hardware
Key translate required hardware
Key Translate2 Access Control Points
Key Translate2 required hardware
Keywords for Multiple Clear Key Import Rule Array Control Information
Required access control points for Multiple Clear Key Import
Multiple clear key import required hardware
Keywords for Multiple Secure Key Import Rule Array Control Information
Required access control points for Multiple Secure Key Import
Multiple secure key import required hardware
Keywords for PKA Decrypt
PKA decrypt required hardware
Keywords for PKA Encrypt
PKA encrypt required hardware
Prohibit export required hardware
Prohibit export extended required hardware
Keywords for the Form Parameter
Keywords for Random Number Generate Control Information
Random number generate required hardware
Structure of values used by RKX
Values defined for hash algorithm identifier at offset 24 in the structure for remote key export
Transport_key_identifer used by RKX
Examination of key token for source_key_identifier
Remote key export required hardware
Keywords for Restrict Key Attribute Control Information
Restrict Key Attribute required hardware
Required access control points for Secure Key Import
Secure key import required hardware
Keywords for Secure Key Import2 Control Information
Required access control points for Secure Key Import2
Secure Key Import2 required hardware
Keywords for Symmetric Key Export Control Information
AES EXPORTER strength required for exporting an HMAC key under an AES EXPORTER
Minimum RSA modulus strength required to contain a PKOAEP2 block when exporting an AES key
Minimum RSA modulus length to adequately protect an AES key
Required access control points for Symmetric Key Export
Symmetric key export required hardware
Keywords for Symmetric Key Generate Control Information
Required access control points for Symmetric Key Generate
Symmetric key generate required hardware
Keywords for Symmetric Key Import Control Information
Required access control points for Symmetric Key Import
Symmetric key import required hardware
Keywords for Symmetric Key Import2 Control Information
PKCS#1 OAEP encoded message layout (PKOAEP2)
Symmetric Key Import2 Access Control Points
Symmetric key import2 required hardware
Transform CDMF key required hardware
Rule_array keywords for Trusted Block Create (CSNDTBC)
Required access control points for Trusted Block Create
Trusted Block Create required hardware
Keywords for TR-31 Export Rule Array Control Information
TR-31 export required hardware
Keywords for TR-31 Import Rule Array Control Information
Export attributes of an imported CCA token
TR-31 export required hardware
TR-31 Optional Data Build required hardware
Keywords for TR-31 Optional Data Read Rule Array Control Information
TR-31 Optional Data Read required hardware
TR-31 Parse required hardware
Keywords for User Derived Key Control Information
User derived key required hardware
Ciphertext translate required hardware
Keywords for the Decipher Rule Array Control Information
Decipher required hardware
Decode required hardware
Keywords for the Encipher Rule Array Control Information
Encipher required hardware
Encode required hardware
Symmetric Algorithm Decipher Rule Array Keywords
Symmetric Algorithm Decipher required hardware
Symmetric Algorithm Encipher Rule Array Keywords
Symmetric Algorithm Encipher required hardware
Symmetric Key Decipher Rule Array Keywords
Required access control points for Symmetric Key Decipher
Symmetric Key Decipher required hardware
Symmetric Key Encipher Rule Array Keywords
Required access control points for Symmetric Key Encipher
Symmetric Key Encipher required hardware
Keywords for HMAC Generate Control Information
HMAC Generate Access Control Points
HMAC generate required hardware
Keywords for HMAC Verify Control Information
HMAC Verify Access Control Points
HMAC generate required hardware
Keywords for MAC generate Control Information
MAC generate required hardware
Keywords for MAC verify Control Information
MAC verify required hardware
Keywords for MDC Generate Control Information
MDC generate required hardware
Keywords for One-Way Hash Generate Rule Array Control Information
One-way hash generate required hardware
Keywords for symmetric MAC generate control information
Symmetric MAC generate required hardware
Keywords for symmetric MAC verify control information
Symmetric MAC verify required hardware
ANSI X9.8 PIN - Allow only ANSI PIN blocks
Format of a PIN Profile
Format Values of PIN Blocks
PIN Block Format and PIN Extraction Method Keywords
Callable Services Affected by Enhanced PIN Security Mode
Format of a Pad Digit
Pad Digits for PIN Block Formats
Format of the Current Key Serial Number Field
Process Rules for the Clear PIN Encryption Callable Service
Clear PIN encrypt required hardware
Process Rules for the Clear PIN Generate Callable Service
Array Elements for the Clear PIN Generate Callable Service
Array Elements Required by the Process Rule
Required access control points for Clear PIN Generate
Clear PIN generate required hardware
Rule Array Elements for the Clear PIN Generate Alternate Service
Rule Array Keywords (First Element) for the Clear PIN Generate Alternate Service
Data Array Elements for the Clear PIN Generate Alternate Service (IBM-PINO)
Data Array Elements for the Clear PIN Generate Alternate Service (VISA-PVV)
PIN Block Variant Constants (PBVCs)
Required access control points for Clear PIN Generate Alternate
Clear PIN generate alternate required hardware
Keywords for CVV Key Combine Rule Array Control Information
Key type combinations for the CVV key combine callable service
Wrapping combinations for the CVV Combine Callable Service
TR-31 export required hardware
Process Rules for the Encrypted PIN Generate Callable Service
Array Elements for the Encrypted PIN Generate Callable Service
Array Elements Required by the Process Rule
Required access control points for Encrypted PIN Generate
Encrypted PIN generate required hardware
Keywords for Encrypted PIN Translate
Additional Names for PIN Formats
PIN Block Variant Constants (PBVCs)
Required access control points for Encrypted PIN Translate
Encrypted PIN translate required hardware
Keywords for Encrypted PIN Verify
Array Elements for the Encrypted PIN Verify Callable Service
Array Elements Required by the Process Rule
PIN Block Variant Constants (PBVCs)
Required access control points for Encrypted PIN Verify
Encrypted PIN verify required hardware
Rule Array Keywords for PIN Change/Unblock
Required access control points for PIN Change/Unblock
PIN Change/Unblock hardware
Rule Array Keywords for Secure Messaging for Keys
Secure messaging for keys required hardware
Rule Array Keywords for Secure Messaging for PINs
Secure messaging for PINs required hardware
Keywords for SET Block Compose Control Information
SET block compose required hardware
Keywords for SET Block Compose Control Information
Required access control points for PIN-block encrypting key
SET block decompose required hardware
Rule Array Keywords for Transaction Validation
Output description for validation values
Required access control points for Transaction Validation
Transaction validation required hardware
CVV Generate Rule Array Keywords
VISA CVV service generate required hardware
CVV Verify Rule Array Keywords
VISA CVV service verify required hardware
Keywords for Digital Signature Generate Control Information
Digital signature generate required hardware
Keywords for Digital Signature Verify Control Information
Digital signature verify required hardware
Keywords for PKA Key Generate Rule Array
Required access control points for PKA Key Generate rule array keys
PKA key generate required hardware
Keywords for PKA Key Import
PKA key import required hardware
Keywords for PKA Key Token Build Control Information
Key Value Structure Length Maximum Values for Key Types
Key Value Structure Elements for PKA Key Token Build
PKA key token build required hardware
Rule Array Keywords for PKA Key Token Change
PKA key token change required hardware
Keywords for PKA Key Generate Rule Array
Required access control points for PKA Key Translate
Required access control points for source/target transport key combinations
PKA key translate required hardware
PKA public key extract build required hardware
Retained key delete required hardware
Retained key list required hardware
CKDS record create required hardware
CKDS
Key Record Create2 required hardware
CKDS record delete required hardware
CKDS record read required hardware
CKDS key record read2 required hardware
CKDS record write required hardware
CKDS
key record write2 required hardware
Coordinated CKDS administration required hardware
PKDS key record create required hardware
Keywords for PKDS Key Record Delete
PKDS key record delete required hardware
PKDS key record read required hardware
Keywords for PKDS Key Record Write
PKDS key record write required hardware
Character/Nibble conversion required hardware
Code conversion required hardware
Keywords for ICSF Query Algorithm
Output for ICSF Query Algorithm
ICSF Query Algorithm required hardware
Keywords for ICSF Query Service
Output for option ICSFSTAT
Output for option ICSFST2
Output for option NUM-DECT
Output for option STATAES
Output for option STATCCA
Output for option STATCCAE
Output for option STATCARD
Output for option STATDECT
Output for option STATDIAG
Output for option STATEID
Output for option STATEXPT
Output for option STATAPKA
Output for option WRAPMTHD
ICSF Query Service required hardware
X9.9 data editing required hardware
Keywords for PCI Interface Callable Service
PCI Interface required hardware
PKSC Interface required hardware
ANSI X9.17 EDC generate required hardware
Keywords for ANSI X9.17 Key Export Rule Array
ANSI X9.17 key export required hardware
Keywords for ANSI X9.17 Key Import Rule Array
ANSI X9.17 key import required hardware
Keywords for ANSI X9.17 Key Translate Rule Array
ANSI X9.17 key translate required hardware
ANSI X9.17 transport key partial notarize required hardware
Keywords for derive multiple keys
parms_list parameter format for SSL-KM and TLS-KM mechanisms
parms_list parameter format for IKE1PHA1 mechanism
parms_list parameter format for IKE2PHA1 mechanism
parms_list parameter format for IKE1PHA2 and IKE2PHA2 mechanisms
Keywords for derive key
parms_list parameter format for PKCS-DH mechanism
parms_list parameter format for SSL-MS, SSL-MSDH, TLS-MS, and TLS-MSDH mechanisms
parms_list parameter format for EC-DH mechanism
parms_list parameter format for IKESEED, IKESHARE, and IKEREKEY mechanisms
Get attribute value processing for objects possessing sensitive attributes
Keywords for generate secret key
parms_list parameter format for SSL and TLS mechanism
Keywords for generate HMAC
chain_data parameter format
Keywords for verify HMAC
chain_data parameter format
Keywords for one-way hash generate
chain_data parameter format
Keywords for private key sign
Keywords for public key verify
Keywords for derive multiple keys
parms_list parameter format for TLS-PRF mechanism
Authorization requirements for the set attribute value callable service
Keywords for secret key decrypt
initialization_vector parameter format for GCM mechanism
chain_data parameter format
Keywords for secret key encrypt
initialization_vector parameter format for GCM mechanism
initialization_vector parameter format for GCMIVGEN mechanism
chain_data parameter format
Authorization requirements for the token record create callable service
Authorization requirements for the token record delete callable service
Keywords for unwrap key
Keywords for wrap key
Return Codes
Reason Codes for Return Code 0 (0)
Reason Codes for Return Code 4 (4)
Reason Codes for Return Code 8 (8)
Reason Codes for Return Code C (12)
Reason Codes for Return Code 10 (16)
Internal Key Token Format
Internal Key Token Format
Format of External Key Tokens
External RKX DES key-token format, version X'10'
Format of Null Key Tokens
Variable-length Symmetric Key Token
HMAC Algorithm Key-usage fields
AES Algorithm KEK Key-usage fields
AES Algorithm Cipher Key Associated Data
Variable-length Symmetric Null Token
Format of PKA Null Key Tokens
RSA Public Key Token
RSA Private External Key Token Basic Record Format
RSA Private Key Token, 1024-bit Modulus-Exponent External Format
RSA Private Key Token, 4096-bit Modulus-Exponent External Format
RSA Private Key Token, 4096-bit Chinese Remainder Theorem External Format
RSA Private Internal Key Token Basic Record Format
RSA Private Internal Key Token, 1024-bit ME Form for Cryptographic Coprocessor Feature
RSA Private Internal Key Token, 1024-bit ME Form for PCICC, PCIXCC, CEX2C, or CEX3C
RSA Private Internal Key Token, 4096-bit Chinese Remainder Theorem Internal Format
DSS Public Key Token
DSS Private External Key Token
DSS Private Internal Key Token
ECC Key Token Format
Associated Data Format for ECC Private Key Token
AESKW Wrapped Payload Format for ECC Private Key Token
Trusted block header
Trusted block trusted RSA public-key section (
X'11'
)
Trusted block rule section (
X'12'
)
Summary of trusted block rule subsection
Transport key variant subsection (
X'0001'
of trusted block rule section (
X'12'
)
Transport key rule reference subsection (
X'0002'
) of trusted block rule section (
X'12'
)
Common export key parameters subsection (
X'0003'
) of trusted block rule section (
X'12'
)
Source key rule reference subsection (
X'0004'
of trusted block rule section (
X'12'
)
Export key CCA token parameters subsection (
X'0005'
) of trusted block rule section (
X'12'
)
Trusted block key label (name) section
X'13'
Trusted block information section
X'14'
Summary of trusted block information subsections
Protection information subsection (
X'0001'
) of trusted block information section (
X'14'
)
Activation and expiration dates subsection (
X'0002'
) of trusted block information section (
X'14'
)
Trusted block application-defined data section
X'15'
Default Control Vector Values
PKA96 Clear DES Key Record
EBCDIC to ASCII Default Conversion Table
ASCII to EBCDIC Default Conversion Table
Callable service access control points
Copyright IBM Corporation 1990, 2014