Those ICSF functions that require a key, like encipher and decipher, expect the key in the form of a CCA token. If you already have a CCA token, perform the following steps before you try to set your algorithm object. For information about how to perform the following tasks, see BSAFE User’s Manual and BSAFE Library Reference Manual.

1. Create a key object.
2. Declare a KEY_TOKEN_INFO and fill it in.

   KEY_TOKEN_INFO is defined as follows in the BSAFE User’s Manual:

   typedef struct {
     ITEM manufacturerID;
     ITEM internalKeyInfo;
   } KEY_TOKEN_INFO;     

   The first ITEM is the address and length of one of the following three strings, depending on the CCA key token type you are using:

   • com.ibm.CCADES
   • com.ibm.CCARSAPublic
   • com.ibm.CCARSAPrivate

   The second ITEM is the address and length of your CCA key token.

3. Set the key information (B_SetKeyInfo) into the key object using the item and a key information type of KI_TOKEN as input.

If you don't already have a CCA token, you can supply a clear key to the function using one of the key information types mentioned in the section discussing the function you are using. BSAFE will convert the key to a CCA token. If you supply a clear BSAFE KI type to one of the ICSF functions, and the function is performed successfully, you can retrieve the key as a CCA token by invoking B_GetKeyInfo with KI_TOKEN as the key information type. A KEY_TOKEN_INFO struct is returned.