| Key rule (One,
required) |
| KEY-CLR |
Specifies the key supplied in
key_identifier is a single-length clear key. |
| KEY-CLRD |
Specifies the key supplied in
key_identifier is a double-length clear key. |
| KEY-CLRT |
Process a triple-length Triple-DES clear key or clear key-part. |
| KEY-ENC |
Specifies the key supplied in
key_identifier is a single-length encrypted key. |
| KEY-ENCD |
Specifies the key supplied in key_identifier is a double-length
encrypted key. |
| KEY-ENCT |
Process a triple-length Triple-DES enciphered key or enciphered key-part supplied in a key token. |
| KEY-KM |
Specifies that the target is the master key register. |
| KEY-NKM |
Specifies that the target is the new master-key register. |
| KEY-OKM |
Specifies that the target is the old master-key register. |
| CLR-A128 |
Process a 128-bit AES clear-key or clear-key part. |
| CLR-A192 |
Process a 192-bit AES clear-key or clear-key part. |
| CLR-A256 |
Process a 256-bit AES clear-key or clear-key part. |
| TOKEN |
Process an AES clear or encrypted key contained in an AES key-token. |
| Master-key selector (One, optional). Use only with
KEY-KM, KEY-NKM, or
KEY-OKM keywords. |
| AES-MK |
Process one of the AES master-key registers. |
| APKA-MK |
Process one of the APKA master-key registers. |
| ASYM-MK |
Specifies use of only the asymmetric master-key registers. |
| SYM-MK |
Specifies use of only the symmetric master-key registers. |
| Process rule (One, required) |
| GENERATE |
Generate a verification pattern for the key supplied in
key_identifier. |
| VERIFY |
Verify a verification pattern for the key supplied in
key_identifier. |
| Parity adjustment (One,
optional) |
| ADJUST |
Adjust the parity of test key to odd before generating or verifying
the verification pattern. The key_identifier field itself is not
adjusted. |
| NOADJUST |
Do not adjust the parity of test key to odd before generating or
verifying the verification pattern. This is the default. |
| Verification process
rule (One, optional). See Cryptographic key-verification techniques. |
| ENC-ZERO |
Specifies use of the "encrypted zeros" method. Use only with
KEY-CLR, KEY-CLRD,
KEY-ENC, or KEY-ENCD keywords. The optional ENC-ZERO algorithm can be used with any key. A 4-byte verification pattern is
generated for non-compliant-tagged tokens. A 3-byte verification pattern is generated for
compliant-tagged tokens. |
| MDC-4 |
Specifies use of the MDC-4 master key verification method. Use only with the
KEY-KM, KEY-NKM, or
KEY-OKM keywords. You must specify one master-key selector keyword to use
this keyword. |
| SHA-1 |
Specifies use of the SHA-1 master-key-verification method. Use only with
KEY-KM, KEY-NKM, or
KEY-OKM keywords. You must specify one master-key selector keyword to use
this keyword. |
| SHA-256 |
Specifies use of the SHA-256 master-key-verification method. |
| No keyword, and first and third parts of the master key have different
values. |
Defaults to the use of the SHA-1 master-key verification method when the
ASYM-MK or SYM-MK master-key selector keyword is
specified. |
| No keyword, and first and third parts of the master key have the same
value. |
Defaults to the use of the IBM®
z/OS-based master-key verification method when the ASYM-MK or
SYM-MK master-key selector keyword is specified. |