Sample sequences in which the ICSF callable services might be
called are shown in Table 5.
Table 5. Combinations of the Callable Services
Combination A (DATA keys only) Combination B
1. Random number generate 1. Random number generate
2. Clear key import or 2. Secure key import or
multiple clear key import multiple secure key import
3. Encipher/decipher 3. Any service
4. Data key export or key export 4. Data key export for DATA keys, or
(optional step) key export in the general case
(optional step)
Combination C Combination D
1. Key generate (OP form only) 1. Key generate (OPEX form)
2. Any service 2. Any service
3. Key export (optional)
Combination E Combination F
1. Key generate (IM form only) 1. Key generate (IMEX form)
2. Key import 2. Key import
3. Any service 3. Any service
4. Key export (optional)
Combination G Combination H
1. Key generate 1. Key import
2. Key record create 2. Key record create
3. Key record write 3. Key record write
4. Any service (passing label 4. Any service (passing label
of the key just generated) of the key just generated)
Combination I
1. Key token build to create
key token skeleton
2. Key generate to OP form of
AKEK using key token skeleton
3. Use AKEK in any ANSI X9.17
service
|
Notes:
- An example of “any service” is CSNBENC.
- These combinations exclude services that can be used on their
own; for example, key export or encode, or using key generate to generate
an exportable key.
- These combinations do not show key communication, or the transmission
of any output from an ICSF callable service.
- Combination I is not available on the IBM zSeries 990.
| The key forms are described in Key Generate (CSNBKGN and CSNEKGN).
|