z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


PKA Key Import (CSNDPKI and CSNFPKI)

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

Use this service to import an external PKA private key token. (The private key must consist of a PKA private key and public key.) The secret values of the key may be:

  • Clear
  • Encrypted under a limited-authority DES importer key if the source_key_identifier is an RSA token
  • Encrypted under an AES Key Encryption Key if the source_key_identifier is an ECC token

This service can also import a clear PKA key. The PKA key token build service creates a clear PKA key token.

This service can also import an external trusted block token for use with the remote key export callable service.

Output of this service is an ICSF internal token of the RSA, DSS, or ECC private key or trusted block.

The callable service name for AMODE(64) invocation is CSNFPKI.

Restriction: DSS keys are not supported on the PCIXCC, CEX2C, or CEX3C.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014