Size considerations for public and private keys

RACF® has restrictions for the size of the private key for certificates that have associated private keys.

For NISTECC keys, valid key sizes are 192, 224, 256, 384, and 521 bits. For BPECC keys, valid key sizes are 160, 192, 224, 256, 320, 384, and 512 bits.

For DSA keys, the minimum key size is 512. For RSA keys, the minimum size for clear RSA keys and secure RSA keys on the public key data set (PKDS) is 512 bits. The minimum size for secure RSA keys on the token key data set (TKDS) is 1024 bits and the size must be a multiple of 256. The maximum key size is determined by United States export regulations and is controlled by RACF and non-RACF code in z/OS. Depending on the installation, non-RACF code might enforce a lower maximum size.

Maximum key sizes: The maximum key size for a private key depends on key type, as follows:

Private key type                                             Maximum key size
RSA key that is stored in the RACF database                  4096 bits
RSA key that is stored in the ICSF TKDS as a secure key      4096 bits
RSA key that is stored in the ICSF PKDS as a CRT key token   4096 bits
DSA key                                                      2048 bits
RSA key that is stored in the ICSF PKDS as an ME key token   1024 bits
NISTECC key                                                   521 bits
BPECC key                                                     512 bits

Currently, the standard sizes for RSA keys are as follows:

Key size Key strength
 512 bits Low-strength key
1024 bits Medium-strength key
2048 bits High-strength key
4096 bits Very high-strength key

Key strength considerations: Shorter ECC keys, which are generated when you specify NISTECC or BPECC, achieve strength comparable to that of longer RSA keys.

RSA, NISTECC, and BPECC keys of the following sizes are comparable in strength:
RSA key size NISTECC key size BPECC key size
 1024 bits 192 bits 160 or 192 bits
 2048 bits 224 bits 224 bits
 3072 bits 256 bits 256 or 320 bits
 7680 bits 384 bits 384 bits
15360 bits 521 bits 512 bits
Hashing algorithm used for signing: RACF signs certificates using a set of secure hash algorithms that are based on the SHA-1 or SHA-2 hash functions. When the signing key is a DSA type, the SHA-1 algorithm is used for keys of all sizes. When the signing key is an RSA, NISTECC, or BPECC type, the size of the signing key determines the hashing algorithm that is used for signing, as follows:

Hashing algorithm     Signing key size
used for signing      RSA                   NISTECC                  BPECC
SHA-1                 Less than 2048 bits   -                        -
SHA-256               2048 bits or longer   192, 224, or 256 bits    160, 192, 224, 256, or 320 bits
SHA-384               -                     384 bits                 384 bits
SHA-512               -                     521 bits                 512 bits
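The size rules and the hash-selection rule above can be encoded as a pre-check before a key is requested, so that a request that RACF would reject (for example, a secure RSA key on the TKDS whose size is not a multiple of 256) is caught early. This is an added example, not RACF code; the store labels RACF, TKDS, PKDS_CRT and PKDS_ME are assumed names for the storage locations in the maximum-size table.

```python
"""Pre-check a requested RACF certificate key against this page's size rules.

Constructed example (not part of RACF or z/OS). It encodes only the rules
stated on this page; non-RACF code may still enforce a lower maximum.
"""

NISTECC_SIZES = {192, 224, 256, 384, 521}
BPECC_SIZES = {160, 192, 224, 256, 320, 384, 512}

# Maximum RSA sizes by where the private key is stored (assumed labels).
RSA_MAX = {"RACF": 4096, "TKDS": 4096, "PKDS_CRT": 4096, "PKDS_ME": 1024}


def check_key(key_type, bits, store="RACF"):
    """Return an error string if RACF would reject the key, else None."""
    if key_type == "NISTECC":
        return None if bits in NISTECC_SIZES else f"invalid NISTECC size {bits}"
    if key_type == "BPECC":
        return None if bits in BPECC_SIZES else f"invalid BPECC size {bits}"
    if key_type == "DSA":
        if bits < 512:
            return "DSA key must be at least 512 bits"
        return None if bits <= 2048 else "DSA key must be at most 2048 bits"
    if key_type == "RSA":
        if store == "TKDS":
            # Secure RSA keys on the TKDS: minimum 1024, multiple of 256.
            if bits < 1024:
                return "secure RSA key on TKDS must be at least 1024 bits"
            if bits % 256:
                return "secure RSA key on TKDS must be a multiple of 256"
        elif bits < 512:
            return "RSA key must be at least 512 bits"
        if bits > RSA_MAX[store]:
            return f"RSA key in {store} must be at most {RSA_MAX[store]} bits"
        return None
    return f"unknown key type {key_type}"


def signing_hash(key_type, bits):
    """Hash RACF uses when a valid key of this type and size signs a certificate."""
    if key_type == "DSA":
        return "SHA-1"               # SHA-1 for DSA keys of all sizes
    if key_type == "RSA":
        return "SHA-1" if bits < 2048 else "SHA-256"
    if bits >= 512:                  # NISTECC 521 or BPECC 512
        return "SHA-512"
    return "SHA-384" if bits == 384 else "SHA-256"
```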