Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Usage Notes z/OS Cryptographic Services ICSF Application Programmer's Guide SA22-7522-16 |
|||||||||||||||||||||
SAF may be invoked to verify the caller is authorized to use this callable service, the key label, or internal secure key tokens that are stored in the CKDS. Systems with the Cryptographic Coprocessor Feature: To generate double-length MAC and MACVER keys in the importable form, the ANSI system keys must be installed in the CKDS. This service will mark DATA, IMPORTER and EXPORTER key tokens with the system encryption algorithm.
Systems with the PCI X Cryptographic Coprocessor, Crypto Express2 Coprocessor, or Crypto Express3 Coprocessor: If key_form is IM and the importer_key_identifier is NOCV KEK, the NOCV IMPORTER access control point must be enabled. The following table shows the access control points in the ICSF role that control the function of this service.
To use a NOCV key-encrypting key with the secure key import service, the NOCV KEK usage for import-related functions access control point must be enabled in addition to one or both of the access control points listed. This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.
|
Copyright IBM Corporation 1990, 2014
|