z/OS Cryptographic Services ICSF Application Programmer's Guide


Digital Signature Generate (CSNDDSG and CSNFDSG)

SA22-7522-16

Use the digital signature generate callable service to generate a digital signature using a PKA private key. The digital signature generate callable service may use an RSA, DSS, or ECC private key, depending on the algorithm you are using. DSS is not supported on the PCIXCC, CEX2C, or CEX3C.

The PKA private key must be valid for signature usage. This service supports these methods:

  • ANSI X9.30 (DSS)
  • ANSI X9.30 (ECDSA)
  • ANSI X9.31 (RSA)
  • ISO 9796-1 (RSA)
  • RSA DSI PKCS 1.0 and 1.1 (RSA)
  • Padding on the left with zeros (RSA)

Note:
The maximum signature length is 512 bytes (4096 bits).

The input text should have been previously hashed using either the one-way hash generate callable service or the MDC generation callable service. See Formatting Hashes and Keys in Public-Key Cryptography.

If the PKA_private_key_identifier specifies an RSA private key, you select the method of formatting the text through the rule_array parameter. If the PKA_private_key_identifier specifies a DSS private key, the DSS signature is generated according to ANSI X9.30. For DSS, the signature is generated on a 20-byte hash created with the SHA-1 algorithm. If the PKA_private_key_identifier specifies an ECC private key, the ECC signature is generated according to ANSI X9.30.

Note:
For PKCS, the message digest and the message-digest algorithm identifier are combined into an ASN.1 value of type DigestInfo, which is BER-encoded to give an octet string D (see Table 223). D is the text string supplied in the hash variable.
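
The following Python sketch is an added example, not code from the ICSF guide. It builds the octet string D described in the note: a DER-encoded DigestInfo wrapping a digest and its algorithm identifier. The function names are hypothetical and the OIDs and encoding follow PKCS #1 (RFC 8017); compare the result with Table 223 before passing it as the hash variable.

```python
import hashlib

# Digest algorithm OIDs as published in PKCS #1 (RFC 8017, appendix B.1).
DIGEST_OIDS = {
    "sha1": "1.3.14.3.2.26",
    "sha256": "2.16.840.1.101.3.4.2.1",
    "sha384": "2.16.840.1.101.3.4.2.2",
    "sha512": "2.16.840.1.101.3.4.2.3",
}

def _tlv(tag: int, value: bytes) -> bytes:
    """DER tag-length-value, using the short or long length form as needed."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def _oid(dotted: str) -> bytes:
    """DER OBJECT IDENTIFIER: first two arcs packed, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return _tlv(0x06, bytes(body))

def digest_info(algorithm: str, digest: bytes) -> bytes:
    """Return D = SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING digest }."""
    if len(digest) != hashlib.new(algorithm).digest_size:
        # A digest that does not match the declared algorithm would produce
        # a signature that verifiers reject, so refuse to encode it.
        raise ValueError("digest length does not match " + algorithm)
    alg_id = _tlv(0x30, _oid(DIGEST_OIDS[algorithm]) + _tlv(0x05, b""))
    return _tlv(0x30, alg_id + _tlv(0x04, digest))

def hash_parameter(algorithm: str, message: bytes) -> bytes:
    """Hash a message locally and wrap the digest as DigestInfo."""
    return digest_info(algorithm, hashlib.new(algorithm, message).digest())

if __name__ == "__main__":
    # Constructed sample message, for illustration only.
    print(hash_parameter("sha256", b"sample message").hex())
```

For SHA-1 the encoded D is 35 bytes and for SHA-256 it is 51 bytes, so the length supplied with the hash must be the DigestInfo length, not the bare digest length.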

The callable service name for AMODE(64) invocation is CSNFDSG.





Copyright IBM Corporation 1990, 2014