Usage notes
The usage notes for CSNDSYI2.
This is the message layout used to encode the key material exported with the PKOAEP2 formatting method.
| Field | Size | Value |
|---|---|---|
| Hash field | 32 bytes | SHA-256 hash of associated data section in the source key identifier |
| Key bit length | 2 bytes | Variable |
| Key material | length in bytes of the key material (rounded up to the nearest byte) | Variable |
- Hash field
- The associated data for the HMAC variable length token is hashed using SHA-256.
- Key bit length
- A 2-byte key bit length field.
- Key material
- The key material is padded to the nearest byte with '0' bits.
The hardware configuration sets the limit on the modulus size of keys for key management; thus, this verb will fail if the RSA key modulus bit length exceeds this limit.
Specification of PKA92 with an input NOCV key-encrypting key token is not supported.
During initialization of a CEX*C, an Environment Identifier (EID) of zero is set in the coprocessor. This is interpreted by the Symmetric Key Import2 verb to mean that environment identification checking is to be bypassed. Thus it is possible on a Linux® on IBM® Z platform for a key-encrypting key RSA-enciphered at a node (EID) to be imported at the same node.