- return_code
-
Direction: Output | Type: Integer |
The return code specifies the general result of the callable
service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.
- reason_code
-
Direction: Output | Type: Integer |
The reason code specifies the result of the callable service
that is returned to the application program. Each return code has
different reason codes that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.
- exit_data_length
-
Direction: Input/Output | Type: Integer |
The length of the data that is passed to the installation
exit. The length can be from X'00000000' to X'7FFFFFFF' (2 gigabytes).
The data is identified in the exit_data parameter.
- exit_data
-
Direction: Input/Output | Type: String |
The data that is passed to the installation exit.
- rule_array_count
-
Direction: Input | Type: Integer |
The number of keywords you supplied in the rule_array parameter.
The value must be 2.
- rule_array
-
Direction: Input | Type: String |
The rule_array contains keywords that provide
control information to the callable service. The keywords must be
in contiguous storage with each of the keywords left-justified in
its own 8-byte location and padded on the right with blanks.
Table 36. Keywords for Key Generate2 Control InformationKeyword | Meaning |
---|
Token algorithm (required) |
HMAC | Specifies to generate an HMAC key
token. |
AES | Specifies to generate an AES key token. |
Key Form
(required)
The first two characters refer to key_type_1.
The next two characters refer to key_type_2. See the Usage
Notes section for further details. |
EX | One key that can be sent to another system. |
EXEX | A key pair; both keys to be sent elsewhere,
possibly for exporting to two different systems. Both keys have the
same clear value. |
IM | One key that can be locally imported. The key
can be imported onto this system to make it operational at another
time. |
IMEX | A key pair to be imported; one key to be imported
locally and one key to be sent elsewhere. Both keys have the same
clear value. |
IMIM | A key pair to be imported; both keys to be imported
locally at another time. Both keys have the same clear
value. |
OP | One operational key. The key is returned to
the caller in operational form to be used locally. |
OPEX | A key pair; one key that is operational and
one key to be sent elsewhere. Both keys have the same clear value. |
OPIM | A key pair; one key that is operational and
one key to be imported locally at another time. Both keys have the
same clear value. |
OPOP | A key pair; either with the same key type with
different associated data or complementary key types. Both
keys have the same clear value. |
- clear_key_bit_length
-
Direction: Input | Type: Integer |
The size (in bits) of the key to be generated.
- For the HMAC algorithm, this is a value between 80 and 2048, inclusive.
- For the AES algorithm, this is a value of 128, 192, or 256.
When key_type_1 or key_type_2 is TOKEN, this
value overrides the key length contained in generated_key_identifier_1 or generated_key_identifier_2,
respectively.
- key_type_1
-
Direction: Input | Type: String |
Use the key_type_1 parameter for the
first, or only, key that you want generated. The keyword must be left-justified
and padded with blanks. Valid type combinations depend on the key
form, and are documented in Table 39 and Table 40.
The
8-byte keyword for the key_type_1 parameter can be one of
the following:
If key_type_1 is TOKEN, the associated
data in the generated_key_identifier_1 parameter is examined
to derive the key type.
- key_type_2
-
Direction: Input | Type: String |
Use the key_type_2 parameter for a key pair, which
is shown in Table 40. The keyword must be left-justified
and padded with blanks. Valid type combinations depend on the key
form.
The 8-byte keyword for the key_type_2 parameter
can be one of the following:
If key_type_2 is TOKEN,
the associated data in the generated_key_identifier_2 parameter
is examined to derive the key type.
When only one key is being
generated, this parameter is ignored.
- key_name_1_length
-
Direction: Input | Type: Integer |
The length of the key_name parameter for generated_key_identifier_1.
Valid values are 0 and 64 bytes.
- key_name_1
-
Direction: Input | Type: String |
A 64-byte key store label to be stored in the associated
data structure of generated_key_identifier_1.
- key_name_2_length
-
Direction: Input | Type: Integer |
The length of the key_name parameter for generated_key_identifier_2.
Valid values are 0 and 64 bytes.
When only one key
is being generated, this parameter is ignored.
- key_name_2
-
Direction: Input | Type: String |
A 64-byte key store label to be stored in the associated
data structure of generated_key_identifier_2.
When
only one key is being generated, this parameter is ignored.
- user_associated_data_1_length
-
Direction: Input | Type: Integer |
The length of the user-associated data parameter
for generated_key_identifier_1. The valid values are 0 to
255 bytes.
- user_associated_data_1
-
Direction: Input | Type: String |
User-associated data to be stored in the associated
data structure for generated_key_identifier_1.
- user_associated_data_2_length
-
Direction: Input | Type: Integer |
The length of the user-associated data parameter
for generated_key_identifier_2. The valid values are 0 to
255 bytes.
When only one key is being generated,
this parameter is ignored.
- user_associated_data_2
-
Direction: Input | Type: String |
User associated data to be stored in the associated data
structure for generated_key_identifier_2.
When only
one key is being generated, this parameter is ignored.
- key_encrypting_key_identifier_1_length
-
Direction: Input | Type: Integer |
The length of the buffer for key_encrypting_key_identifier_1 in
bytes. When the Key Form rule is OP, OPOP, OPIM, or OPEX, this length
must be zero. When the Key Form rule is EX, EXEX, IM, IMEX, or IMIM,
the value must be between the actual length of the token and 725 bytes
when key_encrypting_key_identifier_1 is a token.
The
value must be 64 bytes when key_encrypting_key_identifier_1 is
a label.
- key_encrypting_key_identifier_1
-
Direction: Input/Output | Type: String |
When key_encrypting_key_identifier_1_length is
zero, this parameter is ignored. Otherwise, key_encrypting_key_identifier_1 contains
an internal key token containing the AES importer or exporter key-encrypting
key, or a key label.
If the token supplied was encrypted under
the old master key, the token will be returned encrypted under the
current master key.
- key_encrypting_key_identifier_2_length
-
Direction: Input | Type: Integer |
The length of the buffer for key_encrypting_key_identifier_2 in
bytes. When the Key Form rule is OPOP, this length must be zero. When
the Key Form rule is EXEX, IMEX, IMIM, OPIM, or OPEX, the value must
be between the actual length of the token and 725 when key_encrypting_key_identifier_2 is
a token. The value must be 64 when key_encrypting_key_identifier_2 is
a label.
When only one key is being generated, this parameter
is ignored.
- key_encrypting_key_identifier_2
-
Direction: Input/Output | Type: String |
When key_encrypting_key_identifier_2_length is
zero, this parameter is ignored. Otherwise, key_encrypting_key_identifier_2 contains
an internal key token containing the AES importer or exporter key-encrypting
key, or a key label.
If the token supplied was encrypted under
the old master key, the token will be returned encrypted under the
current master key.
When only one key is being generated, this
parameter is ignored.
- generated_key_identifier_1_length
-
Direction: Input/Output | Type: Integer |
On input, the length of the buffer for the generated_key_identifier_1 parameter
in bytes. The maximum value is 900 bytes.
On
output, the parameter will hold the actual length of the generated_key_identifier_1.
- generated_key_identifier_1
-
Direction: Input/Output | Type: String |
The buffer for the first generated key token.
On
input, if you specify a key_type_1 of TOKEN, then the buffer contains
a valid key token of the key type you want to generate. The key token
must be left justified in the buffer. See key_type_1 for
a list of valid key types.
On output, the buffer contains the
generated key token.
- generated_key_identifier_2_length
-
Direction: Input/Output | Type: Integer |
On input, the length of the buffer for the generated_key_identifier_2 in
bytes. The maximum value is 900 bytes.
On
output, the parameter will hold the actual length of the generated_key_identifier_2.
When only one key is being generated, this parameter is
ignored.
- generated_key_identifier_2
-
Direction: Input/Output | Type: String |
The buffer for the second generated key token.
On
input, if you specify a key_type_2 of TOKEN, then the buffer
contains a valid key token of the key type you want to generate. The
key token must be left justified in the buffer. See key_type_2 for
a list of valid key types.
On output, the buffer contains the
generated key token.
When only one key is being generated,
this parameter is ignored.