z/OS Cryptographic Services ICSF Application Programmer's Guide


Usage Notes

SA22-7522-16

SAF may be invoked to verify the caller is authorized to use this callable service, the key label, or internal secure key tokens that are stored in the CKDS or PKDS.

If an RSA public key is specified as the transporter_key_identifier, the hardware configuration sets the limit on the modulus size of keys for key management; thus, this service will fail if the RSA key modulus bit length exceeds this limit.

The strength of the exporter key expected by Symmetric Key Export depends on the attributes of the key being exported. The return code and reason code that result from using a weaker exporter KEK depend on the "Variable-length Symmetric Token - disallow weak wrap" and "Variable-length Symmetric Token - warn when weak wrap" access control points:

  • If the "Variable-length Symmetric Token - disallow weak wrap" access control point is disabled (the default), the key strength requirement will not be enforced. Using a weaker key will result in return code 0 with a non-zero reason code if the "Variable-length Symmetric Token - warn when weak wrap" access control point is enabled. Otherwise, a reason code of zero will be returned.
  • If the "disallow" access control point is enabled (using TKE), the key strength requirement will be enforced, and attempting to use a weaker key will result in return code 8.

For AES DATA and AES CIPHER keys, the AES EXPORTER key must be at least as long as the key being exported to be considered of sufficient strength.

For HMAC keys, the AES EXPORTER must be of sufficient strength as described in the following table.

Table 96. AES EXPORTER strength required for exporting an HMAC key under an AES EXPORTER

| Key-usage field 2 in the HMAC key contains: | Minimum strength of AES EXPORTER to adequately protect the HMAC key: |
|---|---|
| SHA-256, SHA-384, SHA-512 | 256 bits |
| SHA-224 | 192 bits |
| SHA-1 | 128 bits |

If an RSA public key is specified as the transporter_key_identifier, the RSA key used must have a modulus size greater than or equal to the total PKOAEP2 message bit length (key size + total overhead):

Table 97. Minimum RSA modulus strength required to contain a PKOAEP2 block when exporting an AES key

Total message sizes (and therefore minimum RSA key size) for each Hash Method:

| AES key size | SHA-1 | SHA-256 | SHA-384 | SHA-512 |
|---|---|---|---|---|
| 128 bits | 736 bits | 928 bits | 1184 bits | 1440 bits |
| 192 bits | 800 bits | 992 bits | 1248 bits | 1504 bits |
| 256 bits | 800 bits | 1056 bits | 1312 bits | 1568 bits |

Table 98. Minimum RSA modulus length to adequately protect an AES key

| AES key to be exported: | Minimum strength of RSA wrapping key to adequately protect the AES key: |
|---|---|
| AES 128 | 3072 |
| AES 192 | 7860 |
| AES 256 | 15360 |

Note that wrapping an AES 192-bit key or an AES 256-bit key with any RSA key will always be considered a weak wrap.
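
The weak-wrap rules above can be checked before calling the service. The following Python sketch is an added example, not ICSF code or an IBM interface: all function and parameter names are hypothetical, and it models only the strength check (AES EXPORTER rules, Table 96, the AES 128 row of Table 98 and the note after it) together with the two access control points.

```python
# Added illustration of the weak-wrap rules in these usage notes; not ICSF code.
# All function and parameter names are hypothetical.

# Table 96: hash allowed in HMAC key-usage field 2 -> minimum AES EXPORTER bits
HMAC_MIN_EXPORTER_BITS = {
    "SHA-1": 128, "SHA-224": 192,
    "SHA-256": 256, "SHA-384": 256, "SHA-512": 256,
}

def aes_exporter_is_weak(key_type, exporter_bits, key_bits=None, hmac_hashes=()):
    """True if an AES EXPORTER of exporter_bits is weaker than the key requires."""
    if key_type in ("AES DATA", "AES CIPHER"):
        # The exporter must be at least as long as the key being exported.
        return exporter_bits < key_bits
    if key_type == "HMAC":
        # Assumption: when several hashes are allowed, the strictest one governs.
        required = max(HMAC_MIN_EXPORTER_BITS[h] for h in hmac_hashes)
        return exporter_bits < required
    raise ValueError(f"unsupported key type: {key_type}")

def rsa_transport_is_weak(aes_bits, modulus_bits):
    """True if an RSA transporter key is a weak wrap for an AES key."""
    if aes_bits == 128:
        return modulus_bits < 3072  # Table 98, AES 128 row
    if aes_bits in (192, 256):
        return True  # always a weak wrap, per the note after Table 98
    raise ValueError(f"unsupported AES key size: {aes_bits}")

def predict_outcome(weak, disallow_weak_wrap=False, warn_when_weak_wrap=False):
    """Return (return_code, weak_wrap_warning) for the strength check alone.

    weak_wrap_warning is True only for return code 0 with a non-zero reason
    code. Both access control points default to disabled, as in the default role.
    """
    if not weak:
        return (0, False)
    if disallow_weak_wrap:
        return (8, False)  # requirement enforced: the export is rejected
    return (0, warn_when_weak_wrap)

if __name__ == "__main__":
    # Constructed case: 256-bit AES CIPHER key under a 128-bit AES EXPORTER.
    weak = aes_exporter_is_weak("AES CIPHER", 128, key_bits=256)
    print("default role:      ", predict_outcome(weak))
    print("warn enabled:      ", predict_outcome(weak, warn_when_weak_wrap=True))
    print("disallow enabled:  ", predict_outcome(weak, disallow_weak_wrap=True))
```

In the default role the first case succeeds silently, which is why an audit of existing export paths has to enable the "warn" access control point, or run a check like this one, to find weak wraps.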

The following table shows the access control points in the ICSF role that control the function of this service.

Table 99. Required access control points for Symmetric Key Export

| Key formatting method | Algorithm | Access control point |
|---|---|---|
| PKCSOAEP | AES | Symmetric Key Export - AES, PKCSOAEP, PKCS-1.2 |
| | DES | Symmetric Key Export - DES, PKCS-1.2 |
| PKCS-1.2 | AES | Symmetric Key Export - AES, PKCSOAEP, PKCS-1.2 |
| | DES | Symmetric Key Export - DES, PKCS-1.2 |
| ZERO-PAD | AES | Symmetric Key Export - AES, ZERO-PAD |
| | DES | Symmetric Key Export - DES, ZERO-PAD |
| PKOAEP2 | HMAC | Symmetric Key Export - HMAC, PKOAEP2 |
| | AES | Symmetric Key Export - AES, PKOAEP2 |
| AESKW | AES or HMAC | Symmetric Key Export - AESKW |

| Restricted operation | Access control point |
|---|---|
| Prohibit wrapping a key with a weaker key | Variable-length Symmetric Token - disallow weak wrap |
| Issue a non-zero reason code when using a weak wrapping key | Variable-length Symmetric Token - warn when weak wrap |

Note that both the "Variable-length Symmetric Token - disallow weak wrap" and "Variable-length Symmetric Token - warn when weak wrap" access control points are disabled in the default role.

This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.

Table 100. Symmetric key export required hardware

| Server | Required cryptographic hardware | Restrictions |
|---|---|---|
| IBM eServer zSeries 900 | Cryptographic Coprocessor Feature | RSA keys with moduli greater than 1024-bit length are not supported. Encrypted AES keys are not supported. The DES, HMAC, and PKOAEP2 keywords are not supported. |
| | PCI Cryptographic Coprocessor | ICSF routes this service to a PCI Cryptographic Coprocessor if one is available on your server. This service will not be routed to a PCI Cryptographic Coprocessor if the modulus bit length of the RSA public key is less than 512 bits. Use of keyword PKCSOAEP requires the PCI Cryptographic Coprocessor and uses the SHA-1 hash method. The SHA-256 keyword is not supported for PKCSOAEP. RSA keys with moduli greater than 2048-bit length are not supported. Encrypted AES keys are not supported. The DES, AESKW, HMAC, and PKOAEP2 keywords are not supported. |
| IBM eServer zSeries 990, IBM eServer zSeries 890 | PCI X Cryptographic Coprocessor, Crypto Express2 Coprocessor | RSA keys with moduli greater than 2048-bit length are not supported. Encrypted AES keys are not supported. The AESKW, HMAC, and PKOAEP2 keywords are not supported. The SHA-256 keyword is not supported for PKCSOAEP. |
| IBM System z9 EC, IBM System z9 BC | Crypto Express2 Coprocessor | RSA key support with moduli within the range 2048-bit to 4096-bit requires the Nov. 2007 or later licensed internal code (LIC). Encrypted AES key support requires the Nov. 2008 or later licensed internal code (LIC). The AESKW, HMAC, and PKOAEP2 keywords are not supported. The SHA-256 keyword is not supported for PKCSOAEP. |

Copyright IBM Corporation 1990, 2014