Required commands

The required commands for CSNDSYX.

This verb requires the following commands to be enabled in the active role based on the key-formatting method and the algorithm:

Required commands for the Symmetric Key Export verb

| Key-formatting method | Algorithm | Offset | Command |
|---|---|---|---|
| AESKW | AES | X'0327' | Symmetric Key Export - AESKW |
| AESKWCV (Release 4.4 or later) | DES | X'02B3' | Symmetric Key Export - AESKWCV |
| PKOAEP2 | AES | X'00FC' | Symmetric Key Export - AES,PKOAEP2 |
| PKOAEP2 | HMAC | X'00F5' | Symmetric Key Export - HMAC,PKOAEP2 |
| PKCSOAEP or PKCS-1.2 | AES | X'0130' | Symmetric Key Export - AES, PKCSOAEP, PKCS-1.2 |
| PKCSOAEP or PKCS-1.2 | DES | X'0105' | Symmetric Key Export - DES, PKCS-1.2 |
| ZERO-PAD | AES | X'0131' | Symmetric Key Export - AES, ZERO-PAD |
| ZERO-PAD | DES | X'023E' | Symmetric Key Export - DES, ZERO-PAD |
| CKM_RAKW | AES | X'03B8' | Symmetric Key Export - AES, CKM-RAKW |

To disallow the wrapping of a key with a weaker key-encrypting key, enable the Prohibit weak wrapping - Transport keys command (offset X'0328') in the active role. This command affects multiple verbs. See Access control points and verbs.

To receive a warning when wrapping a key with a weaker key-encrypting key, enable the Warn when weak wrap - Transport keys command (offset X'032C') in the active role. The Prohibit weak wrapping - Transport keys command (offset X'0328') overrides this command.

The CKM_RAKW - Allow RSA2048 to wrap stronger keys (e.g.,AES-128,192,256) command (offset X'033E') creates an exception when ACP X'0328', ACP X'032C', or both are enabled and you use the CKM-RAKW keyword in verbs CSNDPKT and CSNDSYX to wrap a stronger key with a weaker key. If ACPs X'0328' and X'032C' are not enabled, you do not need X'033E', but enabling it does not cause any issues.
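The following role-audit sketch is an added example, not IBM code: it combines the offsets from the table with the precedence rules stated above. The function name, outcome strings, and the caller-supplied `kek_is_weaker` flag are assumptions; key-strength comparison is not modeled, and the exception is assumed to let the export proceed.

```python
# Offsets copied from the table on this page: (method, algorithm) -> required ACP.
REQUIRED = {
    ("AESKW", "AES"): 0x0327,
    ("AESKWCV", "DES"): 0x02B3,
    ("PKOAEP2", "AES"): 0x00FC,
    ("PKOAEP2", "HMAC"): 0x00F5,
    ("PKCSOAEP", "AES"): 0x0130,
    ("PKCS-1.2", "AES"): 0x0130,
    ("PKCSOAEP", "DES"): 0x0105,
    ("PKCS-1.2", "DES"): 0x0105,
    ("ZERO-PAD", "AES"): 0x0131,
    ("ZERO-PAD", "DES"): 0x023E,
    ("CKM_RAKW", "AES"): 0x03B8,
}
PROHIBIT_WEAK = 0x0328   # Prohibit weak wrapping - Transport keys
WARN_WEAK = 0x032C       # Warn when weak wrap - Transport keys
RAKW_EXCEPTION = 0x033E  # CKM_RAKW - Allow RSA2048 to wrap stronger keys


def audit_export(role_acps, method, algorithm, kek_is_weaker):
    """Predict how a role treats a CSNDSYX export (hypothetical helper).

    role_acps: set of ACP offsets enabled in the active role.
    kek_is_weaker: caller's judgment that the wrapping key is weaker.
    """
    required = REQUIRED.get((method, algorithm))
    if required is None:
        return "not-listed"            # combination absent from the table
    if required not in role_acps:
        return "missing-command"       # export command not enabled in role
    if not kek_is_weaker:
        return "allowed"               # weak-wrap ACPs do not come into play
    policy_on = PROHIBIT_WEAK in role_acps or WARN_WEAK in role_acps
    # X'033E' only matters when a weak-wrap ACP is on and CKM-RAKW is used.
    if policy_on and method == "CKM_RAKW" and RAKW_EXCEPTION in role_acps:
        return "allowed-by-exception"  # assumption: export proceeds
    if PROHIBIT_WEAK in role_acps:
        return "prohibited"            # X'0328' overrides X'032C'
    if WARN_WEAK in role_acps:
        return "warn"
    return "allowed"


if __name__ == "__main__":
    role = {0x03B8, 0x0327, 0x0328, 0x032C}  # constructed sample role
    print(audit_export(role, "CKM_RAKW", "AES", True))              # prohibited
    print(audit_export(role | {0x033E}, "CKM_RAKW", "AES", True))   # exception
```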