z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Usage Notes

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

SAF may be invoked to verify the caller is authorized to use this callable service, the key label, or internal secure key tokens that are stored in the CKDS or PKDS.

For DSS if r=0 or s=0 then verification always fails. The DSS digital signature is of the form r || s, each 20 bytes.

The Digital Signature Verify access control point controls the function of this service.

This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.

Table 226. Digital signature verify required hardware
ServerRequired cryptographic hardwareRestrictions
IBM eServer zSeries 900Cryptographic Coprocessor Feature

ECC not supported.

Trusted key block not supported.

TPK-ONLY keyword not supported.

RSA keys with moduli greater than 1024-bit length are not supported.

IBM eServer zSeries 990

IBM eServer zSeries 890

PCI X Cryptographic Coprocessor

Crypto Express2 Coprocessor

PCI Cryptographic Accelerator

ECC not supported.

DSS tokens are not supported.

Trusted key block not supported.

TPK-ONLY keyword not supported.

RSA keys with moduli greater than 2048-bit length are not supported.

IBM System z9 EC

IBM System z9 BC

Crypto Express2 Coprocessor

Crypto Express2 Accelerator

ECC not supported.

DSS tokens are not supported.

RSA key support with moduli within the range 2048-bit to 4096-bit requires the Nov. 2007 or later licensed internal code (LIC).

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014