SAF may be invoked to verify the caller is authorized to use this
callable service, the key label, or internal secure key tokens that
are stored in the CKDS or PKDS.
If an RSA public key is specified as the transporter_key_identifier,
the hardware configuration sets the limit on the modulus size of keys
for key management; thus, this service will fail if the RSA key modulus
bit length exceeds this limit.
The strength of the exporter key expected by Symmetric
Key Export depends on the attributes of the key being exported. The
resulting return code and reason code when using an exporter KEK that
is weaker depend on the "Variable-length Symmetric Token - disallow
weak wrap" and "Variable-length Symmetric Token - warn when
weak wrap" access control points:
- If the "Variable-length Symmetric Token - disallow weak wrap"
access control point is disabled (the default), the key strength requirement
is not enforced. Using a weaker key results in return code
0 with a non-zero reason code if the "Variable-length Symmetric
Token - warn when weak wrap" access control point is enabled.
Otherwise, a reason code of zero is returned.
- If the "disallow" access control point is enabled (using
TKE), the key strength requirement is enforced, and attempting
to use a weaker key results in return code 8.
For AES DATA and AES CIPHER keys, the AES EXPORTER key
must be at least as long as the key being exported to be considered
of sufficient strength.
For HMAC keys, the AES EXPORTER must be of sufficient strength
as described in the following table.
If an RSA public key is specified as the transporter_key_identifier,
the RSA key used must have a modulus size greater than or equal to
the total PKOAEP2 message bit length (key size + total overhead).
Note that wrapping an AES 192-bit key or an AES 256-bit
key with any RSA key is always considered a weak wrap.
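The following Python model is an added illustration, not ICSF code, of how the key-strength rules above combine with the two access control points to produce the return code and reason code the text describes. It covers only the rules the text states: the AES EXPORTER length rule for AES DATA and AES CIPHER keys, the RSA modulus versus PKOAEP2 message-length rule, the "any RSA key is a weak wrap for AES-192/256" rule, and the hardware modulus limit. The PKOAEP2 overhead is taken as a parameter because no figure is given here, the HMAC strength table is not on this page and is therefore not modelled, and the specific non-zero reason-code values are placeholders (ICSF's real values are not stated in this text).

```python
"""Model of the weak-wrap decision described for ICSF Symmetric Key Export.

Added example, not ICSF code: it only encodes the rules stated in the text
so that an administrator can reason about what the two access control points
change.  Constants marked PLACEHOLDER are assumed values; the text gives
return codes 0 and 8 but no specific non-zero reason codes.
"""
from dataclasses import dataclass

RC_OK = 0       # return code stated for success (with or without a warning)
RC_ERROR = 8    # return code stated when "disallow weak wrap" is enforced
REASON_OK = 0
REASON_WEAK_WRAP_WARNING = 9001    # PLACEHOLDER, assumed value
REASON_WEAK_WRAP_REJECTED = 9002   # PLACEHOLDER, assumed value
REASON_MODULUS_TOO_LARGE = 9003    # PLACEHOLDER, assumed value


@dataclass(frozen=True)
class ExportRequest:
    key_type: str               # "AES DATA" or "AES CIPHER" (HMAC table is not on the page)
    key_bits: int               # length of the key being exported: 128, 192 or 256
    transporter: str            # "AES EXPORTER" or "RSA"
    transporter_bits: int       # AES EXPORTER key length, or RSA modulus length
    pkoaep2_overhead_bits: int = 0  # total PKOAEP2 overhead; assumed parameter, no value given


def wrap_is_weak(req: ExportRequest) -> bool:
    """Apply the key-strength rules from the text to one export request."""
    if req.key_type not in ("AES DATA", "AES CIPHER"):
        raise ValueError("only the AES DATA / AES CIPHER rules are modelled here")
    if req.transporter == "AES EXPORTER":
        # The AES EXPORTER must be at least as long as the key being exported.
        return req.transporter_bits < req.key_bits
    if req.transporter == "RSA":
        # Wrapping an AES 192- or 256-bit key with any RSA key is always weak.
        if req.key_bits in (192, 256):
            return True
        # Otherwise the modulus must cover the whole PKOAEP2 message.
        return req.transporter_bits < req.key_bits + req.pkoaep2_overhead_bits
    raise ValueError(f"unknown transporter type {req.transporter!r}")


def symmetric_key_export(req: ExportRequest,
                         disallow_weak_wrap: bool = False,
                         warn_weak_wrap: bool = False,
                         max_rsa_modulus_bits: int = 4096) -> tuple[int, int]:
    """Return (return_code, reason_code) for the request.

    Both access control points default to disabled, as in the default role.
    max_rsa_modulus_bits stands in for the hardware configuration limit.
    """
    if req.transporter == "RSA" and req.transporter_bits > max_rsa_modulus_bits:
        # Modulus exceeds the limit set by the hardware configuration: the service fails.
        return RC_ERROR, REASON_MODULUS_TOO_LARGE
    if not wrap_is_weak(req):
        return RC_OK, REASON_OK
    if disallow_weak_wrap:
        # "disallow weak wrap" enabled (via TKE): requirement enforced, return code 8.
        return RC_ERROR, REASON_WEAK_WRAP_REJECTED
    if warn_weak_wrap:
        # Only "warn when weak wrap" enabled: succeeds, but the weak KEK is flagged.
        return RC_OK, REASON_WEAK_WRAP_WARNING
    # Both disabled (the default): the weak wrap is accepted silently.
    return RC_OK, REASON_OK


if __name__ == "__main__":
    # Constructed sample: exporting an AES-256 key under a 128-bit AES EXPORTER.
    weak = ExportRequest("AES DATA", 256, "AES EXPORTER", 128)
    for flags in ({}, {"warn_weak_wrap": True}, {"disallow_weak_wrap": True}):
        print(flags, symmetric_key_export(weak, **flags))
```

The point a practitioner should take from running it is that with the default role (both access control points disabled) a weak wrap returns the same codes as a strong one, so auditing for weak exporter KEKs requires enabling at least the "warn when weak wrap" point and then watching for the non-zero reason code.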
The following table shows the access control points
in the ICSF role that control the function of this service.
Table 99. Required access control points for Symmetric Key Export

Key formatting method | Algorithm | Access control point
---|---|---
PKCSOAEP | AES | Symmetric Key Export - AES, PKCSOAEP, PKCS-1.2
PKCSOAEP | DES | Symmetric Key Export - DES, PKCS-1.2
PKCS-1.2 | AES | Symmetric Key Export - AES, PKCSOAEP, PKCS-1.2
PKCS-1.2 | DES | Symmetric Key Export - DES, PKCS-1.2
ZERO-PAD | AES | Symmetric Key Export - AES, ZERO-PAD
ZERO-PAD | DES | Symmetric Key Export - DES, ZERO-PAD
PKOAEP2 | HMAC | Symmetric Key Export - HMAC, PKOAEP2
PKOAEP2 | AES | Symmetric Key Export - AES, PKOAEP2
AESKW | AES or HMAC | Symmetric Key Export - AESKW

Restricted operation | Access control point
---|---
Prohibit wrapping a key with a weaker key | Variable-length Symmetric Token - disallow weak wrap
Issue a non-zero reason code when using a weak wrapping key | Variable-length Symmetric Token - warn when weak wrap

Note that both the "Variable-length Symmetric Token - disallow weak wrap" and "Variable-length Symmetric Token - warn when weak wrap" access control points are disabled in the default role.
This table lists the required cryptographic hardware for each server
type and describes restrictions for this callable service.
Table 100. Symmetric key export required hardware

Server | Required cryptographic hardware | Restrictions
---|---|---
IBM zSeries 900 | Cryptographic Coprocessor Feature | RSA keys with moduli greater than 1024-bit length are not supported. Encrypted AES keys are not supported. The DES, HMAC, and PKOAEP2 keywords are not supported.
IBM zSeries 900 | PCI Cryptographic Coprocessor | ICSF routes this service to a PCI Cryptographic Coprocessor if one is available on your server. This service will not be routed to a PCI Cryptographic Coprocessor if the modulus bit length of the RSA public key is less than 512 bits. Use of keyword PKCSOAEP requires the PCI Cryptographic Coprocessor and uses the SHA-1 hash method. The SHA-256 keyword is not supported for PKCSOAEP. RSA keys with moduli greater than 2048-bit length are not supported. Encrypted AES keys are not supported. The DES, AESKW, HMAC, and PKOAEP2 keywords are not supported.
IBM zSeries 990 / IBM zSeries 890 | PCI X Cryptographic Coprocessor / Crypto Express2 Coprocessor | RSA keys with moduli greater than 2048-bit length are not supported. Encrypted AES keys are not supported. The AESKW, HMAC, and PKOAEP2 keywords are not supported. The SHA-256 keyword is not supported for PKCSOAEP.
IBM System z9 EC / IBM System z9 BC | Crypto Express2 Coprocessor | RSA key support with moduli within the range 2048-bit to 4096-bit requires the Nov. 2007 or later licensed internal code (LIC). Encrypted AES key support requires the Nov. 2008 or later licensed internal code (LIC). The AESKW, HMAC, and PKOAEP2 keywords are not supported. The SHA-256 keyword is not supported for PKCSOAEP.