Key Generate (CSNBKGN)
Use the Key Generate verb to generate an AES key of type DATA, or either one or two odd parity DES keys of any type.
The DES keys can be single-length (8-byte), double-length (16-byte), or, in the case of DATA keys, triple-length (24-byte). The AES keys can be 16, 24 or 32 bytes in length. The Key Generate verb does not produce keys in clear form; all keys are returned in encrypted form. When two keys are generated (DES only), each key has the same clear value, although this clear value is not exposed outside the secure cryptographic feature.
For AES, the verb returns only one copy of the key, enciphered under the AES master key. For DES, the verb selectively returns one copy of the key or two, with each copy enciphered under a user-specified DES key-encrypting key.
This verb returns the key to the application program that called it and the application program can then use the CCA key storage verbs to store the key in the key storage file.