Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Usage Notes z/OS Cryptographic Services ICSF Application Programmer's Guide SA22-7522-16 |
|||||||||||||||||||||
SAF may be invoked to verify the caller is authorized to use this callable service, the key label, or internal secure key tokens that are stored in the CKDS or PKDS. When the SET Block Decompose service is invoked without the DES-ONLY keyword, the DES key is retrieved from the RSA-OAEP block and returned in the key token contained in the DES_key_block. On subsequent calls to the SET Block Decompose service, a caller can re-use the DES key. The caller of the service must supply the DES_key_block, the DES_key_block_length, the DES_encrypted_data_block, the DES_encrypted_data_block_length, the initialization and chaining vectors, and the rule_array keywords SET1.00 and DES-ONLY. The RSA private key information, RSA-OAEP block and length, XData string and length, and hash block and length need not be supplied (although the parameters must still be specified). For this invocation, the decryption of the RSA-OAEP block is bypassed; only DES decryption is performed, using the supplied DES key. When the SET Block Decompose service is invoked with the PINBLOCK keyword, DES-ONLY may not also be specified. If both of these rule array keywords are specified, the service will fail. If PINBLOCK is specified and the DES_key_block_length field is not 128, the service will fail. The SET Block Decompose access control point controls the function of this service. If a PIN-block encrypting key is supplied in the DES_key_block, the access control point matching the key type of the key must be enabled in the ICSF role.
This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.
|
Copyright IBM Corporation 1990, 2014
|