z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


PKCS #11 Management Services

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

ICSF provides callable services that support PKCS #11 token and object management. The following table summarizes these callable services. For complete syntax and reference information, refer to PKCS #11 Callable Services.

Table 9. Summary of PKCS #11 callable services
VerbService NameFunction
CSFPDVKPKCS #11 Derive keyGenerate a new secret key object from an existing key object
CSFPDMKPKCS #11 Derive multiple keysGenerate multiple secret key objects and protocol dependent keying material from an existing secret key object
CSFPHMGPKCS #11 Generate HMACGenerate a hashed message authentication code (MAC)
CSFPGKPPKCS #11 Generate key pairGenerate an RSA, DSA, Elliptic Curve, or Diffie-Hellman key pair
CSFPGSKPKCS #11 Generate secret keyGenerate a secret key or set of domain parameters
CSFPGAVPKCS #11 Get attribute valueList the attributes of a PKCS11 object
CSFPOWHPKCS #11 One-way hash, sign, or verifyGenerate a one-way hash on specified text, sign specified text, or verify a signature on specified text
CSFPPKSPKCS #11 Private key sign
  • Decrypt or sign data using an RSA private key using zero-pad or PKCS #1 v1.5 formatting
  • Sign data using a DSA private key
  • Sign data using an Elliptic Curve private key in combination with DSA
CSFPPRFPKCS #11 Pseudo-random functionGenerate pseudo-random output of arbitrary length.
CSFPPKVPKCS #11 Public key verify
  • Encrypt or verify data using an RSA public key using zero-pad or PKCS #1 v1.5 formatting. For encryption, the encrypted data is returned
  • Verify a signature using a DSA public key. No data is returned
  • Verify a signature using an Elliptic Curve public key in combination with DSA. No data is returned
CSFPSKDPKCS #11 Secret key decryptDecipher data using a clear symmetric key
CSFPSKEPKCS #11 Secret key encryptEncipher data using a clear symmetric key
CSFPSAVPKCS #11 Set attribute valueUpdate the attributes of a PKCS11 object
CSFPTRCPKCS #11 Token record createInitialize or re-initialize a z/OS PKCS #11 token, creates or copies a token object in the token data set and creates or copies a session object for the current PKCS #11 session
CSFPTRDPKCS #11 Token record deleteDelete a z/OS PKCS #11 token, token object, or session object
CSFPTRLPKCS #11 Token record listObtain a list of z/OS PKCS #11 tokens. The caller must have SAF authority to the token. Also obtains a list of token and session objects for a token. Use a search template to restrict the search for specific attributes.
CSFPUWKPKCS #11 Unwrap keyUnwrap and create a key object using another key
CSFPHMVPKCS #11 Verify HMACVerify a hash message authentication code (MAC)
CSFPWPKPKCS #11 Wrap keyWrap a key with another key

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014