Usage notes

The usage notes for CSNDSYX.

The hardware configuration sets the limit on the modulus size of keys for key management; thus, this verb will fail if the RSA key modulus bit length exceeds this limit.

The strength of the exporter key expected by Symmetric Key Export depends on the attributes of the key being exported. When a weaker exporter KEK is used, the resulting return code and reason code depend on the Prohibit weak wrapping - Transport keys command (offset X'0328') and the Warn when weak wrap - Transport keys command (offset X'032C'):

  • If the Prohibit weak wrapping - Transport keys command (offset X'0328') is disabled (the default), the key strength requirement is not enforced. Using a weaker key results in return code 0 with a nonzero reason code if the Warn when weak wrap - Transport keys command (offset X'032C') is enabled. Otherwise, a reason code of zero is returned.
  • If the Prohibit weak wrapping - Transport keys (offset X'0328') access control point is enabled (using TKE), the key strength requirement will be enforced, and attempting to use a weaker key results in return code 8.

For AES DATA and AES CIPHER keys, the AES EXPORTER key must be at least as long as the key being exported to be considered of sufficient strength.

Note that wrapping an AES 192-bit key or an AES 256-bit key with any RSA key will always be considered a weak wrap.

For HMAC keys, the AES EXPORTER must be of sufficient strength as described in Table 1.

Table 1. AES EXPORTER strength required for exporting an HMAC key under an AES EXPORTER

| Key-usage field 2 in the HMAC key contains | Minimum strength of AES EXPORTER to adequately protect the HMAC key |
|---|---|
| SHA-256, SHA-384, SHA-512 | 256 bits |
| SHA-224 | 192 bits |
| SHA-1 | 128 bits |

If an RSA public key is specified as the transporter_key_identifier, the RSA key used must have a modulus size greater than or equal to the total PKOAEP2 message bit length (key size plus total overhead), as described in Table 2.

Table 2. Minimum RSA modulus strength required to contain a PKOAEP2 block when exporting an AES key

Total message sizes (and therefore minimum RSA key size) when the hash method is:

| AES key size | SHA-1 | SHA-256 | SHA-384 | SHA-512 |
|---|---|---|---|---|
| 128 bits | 736 bits | 928 bits | 1184 bits | 1440 bits |
| 192 bits | 800 bits | 992 bits | 1248 bits | 1504 bits |
| 256 bits | 800 bits | 1056 bits | 1312 bits | 1568 bits |

For AES keys, the AES EXPORTER must be of sufficient strength as described in Table 3.

Table 3. Minimum RSA modulus length to adequately protect an AES key

| AES key to be exported | Minimum strength of RSA wrapping key to adequately protect the AES key |
|---|---|
| AES 128 | 3072 bits |
| AES 192 | 7860 bits |
| AES 256 | 15360 bits |
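
The rules in these usage notes, combined into a pre-flight check that can be run before calling CSNDSYX (an added example, not IBM's code). Function and outcome names are hypothetical, the numbers are copied from this page as printed, and no reason-code values are assumed because the page gives none.

```python
# Added example: model of the weak-wrap rules described on this page.
# Function and outcome names are hypothetical; numbers are as printed above.

# Table 1: hash in HMAC key-usage field 2 -> minimum AES EXPORTER bits
HMAC_MIN_AES = {"SHA-1": 128, "SHA-224": 192,
                "SHA-256": 256, "SHA-384": 256, "SHA-512": 256}

# Table 2: PKOAEP2 total message bits, indexed [AES key bits][hash method]
PKOAEP2_BITS = {
    128: {"SHA-1": 736, "SHA-256": 928, "SHA-384": 1184, "SHA-512": 1440},
    192: {"SHA-1": 800, "SHA-256": 992, "SHA-384": 1248, "SHA-512": 1504},
    256: {"SHA-1": 800, "SHA-256": 1056, "SHA-384": 1312, "SHA-512": 1568},
}
RSA_MIN_FOR_AES128 = 3072  # Table 3, AES 128 row


def is_weak_wrap(key_type, key_attr, wrapper_type, wrapper_bits):
    """key_attr is the AES key size in bits, or the hash name for an HMAC key."""
    if wrapper_type == "AES":
        need = HMAC_MIN_AES[key_attr] if key_type == "HMAC" else key_attr
        return wrapper_bits < need
    if wrapper_type != "RSA" or key_type != "AES":
        raise ValueError("combination not described on this page")
    if key_attr in (192, 256):
        return True  # the page: any RSA key is a weak wrap for these sizes
    return wrapper_bits < RSA_MIN_FOR_AES128


def fits_pkoaep2(aes_bits, hash_method, rsa_modulus_bits):
    """Container check only: does the PKOAEP2 block fit in the modulus?"""
    return rsa_modulus_bits >= PKOAEP2_BITS[aes_bits][hash_method]


def weak_wrap_outcome(weak, prohibit_acp=False, warn_acp=False):
    """prohibit_acp models offset X'0328', warn_acp models offset X'032C'."""
    if not weak:
        return "not_weak"
    if prohibit_acp:
        return "rc8"                    # strength requirement enforced
    return "rc0_nonzero_reason" if warn_acp else "rc0_reason0"


if __name__ == "__main__":
    # Constructed case: AES-128 key, 1024-bit RSA transport key, SHA-256.
    weak = is_weak_wrap("AES", 128, "RSA", 1024)
    print(fits_pkoaep2(128, "SHA-256", 1024), weak, weak_wrap_outcome(weak))
```

The constructed case shows that fitting the PKOAEP2 block (Table 2) and being a strong wrap (Table 3) are separate checks: with both access control points at their defaults, the weak wrap returns return code 0 and reason code zero.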