Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Callable Services for Working with Retained Private Keys z/OS Cryptographic Services ICSF Application Programmer's Guide SA22-7522-16 |
|
Private keys can be generated, retained, and used within the secure boundary of a PCICC, PCIXCC, CEX2C, or CEX3C. Retained keys are generated by the PKA Key Generate (CSNDPKG) callable service. The private key values of retained keys never appear in any form outside the secure boundary. All retained keys have an entry in the PKDS that identifies the PCICC, PCIXCC, CEX2C, or CEX3C where the retained private key is stored. ICSF provides these callable services to list and delete retained private keys. Retained Key Delete Callable Service (CSNDRKD and CSNFRKD)The retained key delete callable service deletes a key that has been retained within a PCICC, PCIXCC, CEX2C, or CEX3C and also deletes the record containing the key token from the PKDS. Retained Key List Callable Service (CSNDRKL and CSNFKRL)The retained key list callable service lists the key labels of private keys that are retained within the boundaries of PCICC, PCIXCC, CEX2C, or CEX3C installed on your server. Clearing the retained keys on a coprocessorThe retained keys on a PCICC, PCIXCC, CEX2C, or CEX3C may be cleared. These are the conditions under which the retained key will be lost:
|
Copyright IBM Corporation 1990, 2014
|