| Algorithm (One,
optional) |
| AES |
Export an AES key. |
| DES |
Export a DES key. This is the default. |
| Recovery method (One
required) |
| PKA92 |
Specifies the key-encrypting key is encrypted under a PKA96 RSA
public key according to the PKA92 formatting structure. |
| PKCSOAEP |
Specifies to use the method found in RSA DSI PKCS #1V2 OAEP.
Supported by the DES and AES algorithms. The default hash method is SHA-1. Use the
SHA-256 keyword for the SHA-256 hash method. |
| PKCS-1.2 |
Specifies the method found in RSA DSI PKCS #1 block type 02. In
the RSA PKCS #1 v2.0 standard, RSA terminology describes this as the RSAES-PKCS1-v1_5
format. This method is deprecated and should not be used for any new development. |
| ZERO-PAD |
The clear key is right-aligned in the field provided, and the field
is padded to the left with zeros up to the size of the RSA encryption block (which is the modulus length).
This method is deprecated and should not be used for any new development.
|
| Key-wrapping method (One, optional) |
| USECONFG |
This is the default. Specifies to wrap the key using the configuration setting for
the default wrapping method. The default wrapping method configuration setting may be changed using
the TKE. This keyword is ignored for AES keys. |
| WRAP-ENH |
Specifies to wrap the key using the legacy wrapping method. This keyword is ignored for AES
keys. |
| WRAP-ECB |
Specifies to wrap the key using the enhanced wrapping method. Valid only for DES
keys. |
| WRAPENH2 |
Specifies to wrap the key using the enhanced wrapping method and SHA-256. Valid only for
TRIPLE or TRIPLE-O. This method requires CV bit 56 = B’1’ (ENH-ONLY).
This is the default for TRIPLE and TRIPLE-O.
|
| WRAPENH3 |
Specifies to wrap the key using the enhanced wrapping method with TDES-CMAC and the SHA-256 hashing algorithm.
This keyword sets CV bit 56 = B’1’ (ENH-ONLY), which is required for the WRAPENH3 wrapping method.
|
| Translation control (Optional) This is valid only
with key-wrapping method WRAP-ENH or with
USECONFG when the default wrapping method is
WRAP-ENH. This option cannot be used on a key with a control vector valued
to binary zeros. |
| ENH-ONLY |
Specifies to restrict the key from being wrapped with the legacy wrapping method after it has
been wrapped with the enhanced wrapping method. Sets bit 56 (ENH-ONLY) of the control vector to B'1'.
|
| Hash method (Optional). Valid only with keyword
PKCSOAEP. |
| SHA-1 |
Specifies to use the SHA-1 hash method to calculate the OAEP message hash. This is the
default. |
| SHA-256 |
Specifies to use the SHA-256 hash method to calculate the OAEP message hash. |