Reason codes for return code 0 (0)
| Reason Code Hex (Decimal) | Description |
|---|---|
| 0 (0) | The call to the ICSF
callable service was successfully processed. No error was encountered. User action: None. |
| 2 (2) | The call to the ICSF callable service was
successfully processed. A minor error was detected. A key used in the service did not have odd
parity. This key could be one provided by you as a parameter or be a key (perhaps one of many keys)
that was retrieved from the in-storage CKDS. User action: Refer to the reason code obtained when the key passed to this service was transformed into operational form using clear key import, multiple clear key import, key import, secure key import, or multiple secure key import callable services. Check if any of the services prepared an even parity key. If one of these services reported an even parity key, you need to know which key is affected. If none of these services identified an even parity key, then the even parity key detected was found on the CKDS. Report this to your administrator. REASONCODES: ICSF 4 (4) |
| 4 (4) | The call to the ICSF callable service was
successfully processed. A minor error was detected. A key used in the service did not have odd
parity. This key could be one provided by you as a parameter or be a key (perhaps one of many keys)
that was retrieved from the in-storage CKDS. User action: Refer to the reason code obtained when the key passed to this service was transformed into operational form using clear key import, multiple clear key import, key import, secure key import, or multiple secure key import callable services. Check if any of the services prepared an even parity key. If one of these services reported an even parity key, you need to know which key is affected. If none of these services identified an even parity key, then the even parity key detected was found on the CKDS. Report this to your administrator. REASONCODES:TSS 2 (2) |
| 8 (8) | The CKDS key
record read callable service attempted to read a NULL key record.
The returned key token contains a null token. User action: None required. |
| 862 (2146) | The call to the callable service was successfully
processed. A key was wrapped by a weaker key. This reason code is
returned when either the "Warn when weak wrap - Transport keys" or
"Warn when weak wrap - Master keys" access control point is enabled.
User action: None required. If you wish to prohibit weak key wrapping, enable the access control point "Prohibit weak wrapping - Transport keys" and "Prohibit weak wrapping - Master keys" access control points using the TKE workstation. |
| 87D (2173) | The call to the callable service was successfully processed. The key token format was already payload version 1 (fixed-length). |
| BC2 (3010) | The call to CSFIQF was successful. Additionally, the coprocessor adapter is disabled by TKE. |
| D25 (3365) | KDS multi-purpose service completed and there are informational messages logged. |
| DAC (3500) | The Options Data Set Refresh function completed. All changes were successful. |
| F9D (3997) | Clear RSA CRT private key material passed to a callable service had prime p less than prime q which is in violation of the standard. The key parts have been corrected by swapping primes p and q, swapping CRT exponents dp and dq, and recalculating qInv = q^-1 mod p (called U in IBM Common Cryptographic Architecture (CCA) publications). |
| 2710 (10000) | The call to the callable
service was successfully processed. The keys in one or more key identifiers
have been reenciphered from encipherment under the old master key
to encipherment under the current master key. User action: If you obtained your operational token from a file, replace the token in the file with the token just returned from ICSF. Management of internal tokens is a user responsibility. Consider the possible case where the token for this call was fetched from a file, and where this reason code is ignored. For the next invocation of the service, the token will be fetched from the file again, and the service will give this reason code again. If this continues until the master key is changed again, then the next use of the internal token will fail. |
| 2711 (10001) | The call to the callable service was successfully processed. The keys in one or more key identifiers were encrypted under the old master key. The callable service was unable to reencipher the key. |
| 2713 (10003) | The call to the callable service was successfully
processed. Weak key used. The strength of the KEK key is less than
the strength of the key to be wrapped. If Access Control Point 'Prohibit weak wrapping - Transport keys' is not enabled, this informational Reason Code will be returned. If Access Control Point 'Prohibit weak wrapping - Transport keys' is enabled you will receive an error from the callable service. User action: None. |