Use the diversified key generate service to generate a key based
on the key-generating key, the processing method, and the parameter
supplied. The control vector of the key-generating key also determines
the type of target key that can be generated.
To use this service, specify:
- The rule array keyword to select the diversification process.
- The operational key-generating key from which the diversified
keys are generated. The control vector associated with this key restricts
the use of this key to the key generation process. This control vector
also restricts the type of key that can be generated.
- The data and length of data used in the diversification process.
- The generated-key may be an internal token or a skeleton token
containing the desired CV of the generated-key. The generated key
CV must be one that is permitted by the processing method and the
key-generating key. The generated-key will be returned in this parameter.
- A key generation method keyword. Some keywords require Requires May 2004 or later version of Licensed Internal Code (LIC) or
a z890.
This service generates diversified keys as follows:
- Determines if it can support the process specified in rule array.
- Recovers the key-generating key and checks the key-generating
key class and the specified usage of the key-generating key.
- Determines that the control vector in the generated-key token
is permissible for the specified processing method.
- Determines that the control vector in the generated-key token
is permissible by the control vector of the key-generating key.
- Determines the required data length from the processing method
and the generated-key CV. Validates the data_length.
- Generates the key appropriate to the specific processing method.
Adjusts parity of the key to odd. Creates the internal token and returns
the generated diversified key.
The callable service name for AMODE(64) invocation is CSNEDKG.
|