Required commands
The required commands for CSNDSYG.
This verb requires the following commands to be enabled in the active role based on the key-formatting method and the algorithm:
| Key-formatting method | Algorithm | Offset | Command |
|---|---|---|---|
| PKCSOAEP or PKCS-1.2 | AES | X'012C' | Symmetric Key Generate - AES, PKCSOAEP, PKCS-1.2 |
| PKCSOAEP or PKCS-1.2 | DES | X'023F' | Symmetric Key Generate - DES, PKCS-1.2 |
| ZERO-PAD | AES | X'012D' | Symmetric Key Generate - AES, ZERO-PAD |
| ZERO-PAD | DES | X'023C' | Symmetric Key Generate - DES, ZERO-PAD |
| PKA92 | DES | X'010D' | Symmetric Key Generate - DES, PKA92 |
The use of the WRAP-ECB or WRAP-ENH key-wrapping method keywords requires the Symmetric Key Generate - Allow wrapping override keywords command (offset X'013E') to be enabled.
The following access-control points are also available:
- To disable the wrapping of a key with a weaker master key, the Prohibit weak wrapping - Master keys command (offset X'0333') must be enabled in the active role.
- To receive a warning when wrapping a key with a weaker master key, enable the Warn when weak wrap - Master keys command (offset X'0332') in the active role. The Prohibit weak wrapping - Master keys command overrides this command.
- To allow the creation of variable-length AES CIPHER or MAC tokens, enable the Allow CSNDSYG to generate AES CIPHER or MAC keys command (offset X'00D4').
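The table and access-control points above can be turned into a role audit. The following is an added example, not IBM code: it reports which offsets a role is missing for a given CSNDSYG request and which weak-wrapping control is in effect. The function names, the `aes_cipher_or_mac` flag, and the sample role are assumptions made for illustration; the offsets are copied from this page.

```python
# Added example: audit a role's enabled ACP offsets against the CSNDSYG table.
# Offsets come from the page; all function and variable names are hypothetical.

# (key-formatting method, algorithm) -> access-control point offset
FORMAT_ACP = {
    ("PKCSOAEP", "AES"): 0x012C,
    ("PKCS-1.2", "AES"): 0x012C,
    ("PKCSOAEP", "DES"): 0x023F,
    ("PKCS-1.2", "DES"): 0x023F,
    ("ZERO-PAD", "AES"): 0x012D,
    ("ZERO-PAD", "DES"): 0x023C,
    ("PKA92", "DES"): 0x010D,
}
WRAP_OVERRIDE_KEYWORDS = {"WRAP-ECB", "WRAP-ENH"}
ACP_WRAP_OVERRIDE = 0x013E
ACP_WARN_WEAK_WRAP = 0x0332
ACP_PROHIBIT_WEAK_WRAP = 0x0333
ACP_AES_CIPHER_MAC = 0x00D4


def required_acps(method, algorithm, keywords=(), aes_cipher_or_mac=False):
    """Return the set of offsets a CSNDSYG request needs enabled."""
    try:
        needed = {FORMAT_ACP[(method, algorithm)]}
    except KeyError:
        raise ValueError(f"no command listed for {method} with {algorithm}")
    if WRAP_OVERRIDE_KEYWORDS & set(keywords):
        needed.add(ACP_WRAP_OVERRIDE)
    if aes_cipher_or_mac:  # assumption: caller says a variable-length AES CIPHER/MAC token is requested
        needed.add(ACP_AES_CIPHER_MAC)
    return needed


def missing_acps(role_enabled, method, algorithm, keywords=(), aes_cipher_or_mac=False):
    """Offsets the role lacks for this request, sorted, as X'nnnn' strings."""
    needed = required_acps(method, algorithm, keywords, aes_cipher_or_mac)
    return [f"X'{o:04X}'" for o in sorted(needed - set(role_enabled))]


def weak_wrap_policy(role_enabled):
    """'prohibit' overrides 'warn'; 'none' means neither command is enabled."""
    if ACP_PROHIBIT_WEAK_WRAP in role_enabled:
        return "prohibit"
    if ACP_WARN_WEAK_WRAP in role_enabled:
        return "warn"
    return "none"


# Constructed sample role, not taken from any real system.
SAMPLE_ROLE = {0x012C, 0x0332, 0x0333}
```

A result of `"none"` from `weak_wrap_policy` is the case to review first, since the role then has neither the warning nor the prohibition enabled.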