Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Usage Notes z/OS Cryptographic Services ICSF Application Programmer's Guide SA22-7522-16 |
|||||||||||||
The rule_array keyword allows the caller to select how much information is returned. The returned data can describe all cryptographic support on the base system or it can be filtered by an algorithm. For example, a rule_array_count of 0 will return information about all algorithms and key security. A rule_array_count of 1 and a keyword of 'AES' will return information about the AES algorithm support, both clear and secure AES keys. Only cryptographic coprocessors in the active state are queried. In general, a key security of SECURE implies that both SECURE and CLEAR key versions of the algorithm are supported by the processor or the cryptographic coprocessor. The exception is TDES support in CCF on a z900. Only SECURE TDES keys are supported. This service lists an algorithm as being supported when the cryptographic coprocessor or accelerator is capable of performing the function. It does not reflect when an algorithm is unavailable because TKE was used to disable the function. RNGL keyword refers to the Random Number Generate Long (CSFBRNGL) callable service. The following is returned for implementation:
When a row of the returned_data table contains a Key Security value of SECURE and an Implementation value of CPU, this indicates that the CSNBSYE and CSNBSYD callable services support the use of key labels for encrypted keys stored in the CKDS. In other words, the required functions in ICSF, CPACF and the cryptographic coprocessor are available. This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.
|
Copyright IBM Corporation 1990, 2014
|