Parameters

Edit online

The parameter definitions for CSNBCVG.

For the definitions of the return_code, reason_code, exit_data_length, and exit_data parameters, see Parameters common to all verbs.

key_type
Direction: Input
Type: String
A string variable containing a keyword for the key type. The keyword is eight bytes in length, left-aligned, and padded on the right with space characters. It is taken from the following list: 

 CIPHER        CVARXCVL           DKYGENKY         MAC
 CIPHERXI      CVARXCVR           ENCIPHER         MACVER
 CIPHERXL      DATA               EXPORTER         OKEYXLAT
 CIPHERXO      DATAC              IKEYXLAT         OPINENC
 CVARDEC       DATAM              IMPORTER         PINGEN
 CVARENC       DATAMV             IPINENC          PINVER
 CVARPINE      DECIPHER           KEYGENKY         SECMSG
For information on the meaning of the key types, see Table 1.
rule_array_count
Direction: Input
Type: Integer
A pointer to an integer variable containing the number of elements in the rule_array variable.
rule_array
Direction: Input
Type: String array
Keywords that provide control information to the verb. Each keyword is left-aligned in 8-byte fields, and padded on the right with blanks. All keywords must be in contiguous storage. Key Token Build (CSNBKTB) illustrates the key type and key usage keywords that can be combined in the Control Vector Generate and Key Token Build verbs to create a control vector.
See DES key usage restrictions for the key usage keywords that can be specified for a given key type. The rule_array keywords are described in Table 1.
Table 1. Keywords for Control Vector Generate control information

Keywords for Control Vector Generate control information
Keyword Description
Key usage keywords: These keywords allow the key to be use with a callable service, restrict the key to a single algorithm, or allow the key to be used for a specific function (One, required)
Key encrypting keys
OPIM IMPORTER keys that have this attribute can be used in the CSNBKGN service when the key form is OPIM.
IMEX IMPORTER and EXPORTER keys that have this attribute can be used in the CSNBKGN service when the key form is IMEX.
IMIM IMPORTER keys that have this attribute can be used in the CSNBKGN service when the key form is IMIM.
IMPORT IMPORTER keys that have this attribute can be used to import a key in the CSNBKIM service.
OPEX EXPORTER keys that have this attribute can be used in the CSNBKGN service when the key form is OPEX.
EXEX EXPORTER keys that have this attribute can be used in the CSNBKGN service when the key form is EXEX.
EXPORT EXPORTER keys that have this attribute can be used to export a key in the CSNBKEX service.
XLATE IMPORTER and EXPORTER keys that have this attribute can be used in the CSNBKTR and CSNBKTR2 services.
ANY This key attribute has been discontinued. Its usage is allowed for backward compatibility reasons only.
NOT-KEK This key attribute has been discontinued. Its usage is allowed for backward compatibility reasons only.
DATA This key attribute has been discontinued. Its usage is allowed for backward compatibility reasons only.
LMTD-KEK This key attribute has been discontinued. Its usage is allowed for backward compatibility reasons only.
MAC keys
ANY-MAC A key with this attribute can be used with any service that uses MAC keys.
CVVKEY-A Restricts the usage of the key to single-length key-A key or double-length key-A and key-B keys for the CSNBCSG and CSNBCSV services.
CVVKEY-B Restricts the usage of the key to single-length key-B key for the CSNBCSG and CSNBCSV services.
AMEX-CSC This key attribute has been discontinued. Its usage is allowed for backward compatibility reasons only.
ANSIX9.9 This key attribute has been discontinued. Its usage is allowed for backward compatibility reasons only.
Data operation keys

When the key type is SECMSG, either SMKEY or SMPIN must be specified in the rule_array.
SMKEY A key with this attribute can be used to encrypt keys in an EMV secure message.
SMPIN A key with this attribute can be used to encrypt PINs in an EMV secure message.
PIN keys
NO-SPEC The key is not restricted to a specific PIN-calculation method.
IBM-PIN The key can be used with the IBM 3624 PIN-calculation method.
IBM-PINO The key can be used with the IBM 3624 PIN-calculation method with offset processing.
GBP-PIN The key can be used with the IBM German Bank Pool PIN-calculation method.
GBP-PINO The key can be used with the IBM German Bank Pool PIN-calculation method with institution-PIN input or output.
VISA-PVV The key can be used with the Visa PVV PIN-calculation method.
INBK-PIN The key can be used with the InterBank PIN-calculation method.
NOOFFSET Indicates that a PINGEN or PINVER key cannot be used to generate or verify of a PIN when an offset process is requested.
CPINGEN The key can be used with the CSNBPGN service.
CPINGENA The key can be used with the CSNBCPA service.
EPINGEN The key can be used with the CSNBEPG service.
EPINVER The key can be used with the CSNBPVR service.
CPINENC The key can be used with the CSNBCPE service.
REFORMAT The key can be used with the CSNBPTR service in the REFORMAT mode.
TRANSLAT The key can be used with the CSNBPTR service in the TRANSLATE mode.
EPINGENA This key attribut has been discontinued. Its usage is allowed for backward compatibility reasons only.
Key-generating keys

When the key type is KEYGENKY, either CLR8-ENC or UKPT must be specified in the rule array.
CLR8-ENC The key can be used to multiply-encrypt 8 bytes of clear data with a generating key.
DALL The key can be used to generate keys with the following key types: DATA, DATAC, DATAM, DATAMV, DMKEY, DMPIN, EXPORTER, IKEYXLAT, IMPORTER, MAC, MACVER, OKEYXLAT, and PINVER.
DDATA The key can be used to generate a single-length or double-length DATA or DATAC key.
DEXP The key can be used to generate an EXPORTER or an OKEYXLAT key.
DIMP The key can be used to generate an IMPORTER or an IKEYXLAT key.
DMAC The key can be used to generate a MAC or DATAM key.
DMKEY The key can be used to generate a SECMSG with a SMKEY secure messaging key for encrypting keys.
DMPIN The key can be used to generate a SECMSG with a SMPIN secure messaging key for encrypting PINs.
DMV The key can be used to generate a MACVER or DATAMV key.
DPVR The key can be used to generate a PINVER key.
DKYL0 A DKYGENKY key with this subtype can be used to generate a key based on the key-usage bits.
DKYL1 A DKYGENKY key with this subtype can be used to generate a DKYGENKY key with a subtype of DKYL0.
DKYL2 A DKYGENKY key with this subtype can be used to generate a DKYGENKY key with a subtype of DKYL1.
DKYL3 A DKYGENKY key with this subtype can be used to generate a DKYGENKY key with a subtype of DKYL2.
DKYL4 A DKYGENKY key with this subtype can be used to generate a DKYGENKY key with a subtype of DKYL3.
DKYL5 A DKYGENKY key with this subtype can be used to generate a DKYGENKY key with a subtype of DKYL4.
DKYL6 A DKYGENKY key with this subtype can be used to generate a DKYGENKY key with a subtype of DKYL5.
DKYL7 A DKYGENKY key with this subtype can be used to generate a DKYGENKY key with a subtype of DKYL6.
UKPT The key can be used to derive operational keys.
Key management keywords

These keywords are valid with all key types. The keywords are used to allow or disallow key management functions.
Key lengths
MIXED Indicates that the key can be either a replicated single-length key or a double-length key with two different, random 8-byte values.
SINGLE, KEYLN8 Specifies the key as a single-length key.
DOUBLE, KEYLN16 Specifies the key as a double-length key.
DOUBLE-O Specifies the key as a double-length key with guaranteed different key values.
TRIPLE Specifies the key as a triple-length Triple-DES key; (see Note 4).
TRIPLE-O Specifies the key as a triple-length Triple-DES key that has key parts guaranteed unique; (see Note 4).
Miscellaneous attributes
COMP-TAG The key can be used with PCI-HSM compliant applications.
ENH-ONLY Prohibits the key from being wrapped with the legacy method after it has been wrapped with the enhanced method.
KEY-PART Specifies the control vector is for a key part.
NO-XPORT Prohibits the key from being exported by Key Export or Data Key Export.
NOEXCPAC Prohibits export to CPACF protected key format.
NOCMPTAG The key cannot be used with PCI-HSM compliant applications.
NOT31XPT Prohibits the key from being exported by the TR31 Translate verb.
T31XPTOK Permits the key to be exported by the TR31 Translate verb.
XPORT-OK Permits the key to be exported by Key Export or Data Key Export. Also permits the key to be exported by the TR31 Translate verb, unless NOT31XPT is enabled.
XPRTCPAC Allows export to CPACF protected key format.
Note:
  1. When the KEYGENKY key_type is coded, either CLR8-ENC or UKPT must be specified in the rule_array.
  2. When the SECMSG key_type is coded, either SMKEY or SMPIN must be specified in the rule_array.
  3. The DOUBLE-O keyword and, beginning with Release 5.4 and Release 6.2, the TRIPLE-O keyword sets the control vector bit 40 of the key form bits to B'1'. When CV bit 40 is set to B'1', the key halves of a double-length key and the key parts of a triple-length key (ignoring parity bits) are guaranteed to be unique. A double-length key with replicated key halves has an effective key length of single. A triple-length key with replicated key parts can have an effective key length of double (that is, the left and right 56-bit key parts are equal, and the middle 56-bit key part is unique) or single (that is, the left key part and middle key part are equal, or the middle key part and right key part are equal, or the left, middle, and right key parts are equal).
  4. The DATA key type has more than one default based on the key length. The following describes how to build each default DATA control vector (as shown in Control vector table):
    • For internal single-length, specify no rule-array keywords, or specify SINGLE or KEYLN8.
    • For internal double-length, specify DOUBLE, KEYLN16, or MIXED.
    • For external single-length, use the Key Token Build verb and specify rule-array keywords of EXTERNAL, DES, and either SINGLE, or KEYLN8.
    • For external double-length, use the Key Token Build verb, specify rule-array keywords of EXTERNAL, DES, and either DOUBLE, KEYLN16, or MIXED.
    • For internal triple-length (Release 5.4 or later and Release 6.2 or later), specify TRIPLE.
    • For external triple-length (Release 5.4 or later and Release 6.2 or later), use the Key Token Build verb, specify rule-array keywords of EXTERNAL, DES, and TRIPLE.
reserved
Direction: Input
Type: String

The reserved parameter must be a variable of eight bytes of X'00'.

control_vector
Direction: Output
Type: String

A 16-byte string variable in application storage where the verb returns the generated control vector.