| Process rule (One required) |
| GENERATE |
Generate a verification pattern for the key supplied in
key_identifier. |
| VERIFY |
Verify a verification pattern for the key supplied in
key_identifier. |
| Key or key-part rule (One required) |
| KEY-ENC |
Specifies that the key supplied in key_identifier is a single-length
encrypted key. |
| KEY-ENCD |
Specifies that the key supplied in key_identifier is a double-length
encrypted key. |
| KEY-KM |
Specifies that the target is the master key register. |
| KEY-NKM |
Specifies that the target is the new master-key register. |
| KEY-OKM |
Specifies that the target is the old master-key register. |
| TOKEN |
Process an AES clear or encrypted key contained in an AES key-token. |
| Master-key selector (One, optional). Use only with
KEY-KM, KEY-NKM, or
KEY-OKM keywords. The default is to process the
ASYM-MK and SYM-MK key registers, which must
have the same key for the default to be valid. |
| AES-MK |
Process one of the AES master-key registers. |
| APKA-MK |
Process one of the APKA master-key registers. |
| ASYM-MK |
Specifies use of only the asymmetric master-key registers. |
| SYM-MK |
Specifies use of only the symmetric master-key registers. |
| Parity adjustment (One,
optional) Not valid with the AES-MK
Master-key selector keyword. |
| ADJUST |
Adjust the parity of test key to odd before generating or verifying
the verification pattern. The key_identifier field itself is not
adjusted. |
| NOADJUST |
Do not adjust the parity of test key to odd before generating or
verifying the verification pattern. This is the default. |
| Verification process
rule (One, optional) For the AES master key, SHA-256 is the
default. For the DES or PKA master keys, the default is SHA-1 if the first
and third parts of the key are different, or the IBM®
z/OS® method if the first and third parts of the key are the
same. |
| ENC-ZERO |
Specifies use of the encrypted zeros method. Use only
with the KEY-CLR, KEY-CLRD,
KEY-ENC, or KEY-ENCD keywords. A
4-byte verification pattern is generated for non-compliant-tagged tokens. A 3-byte verification
pattern is generated for compliant-tagged tokens. Required for triple-length TDES keys. |
| MDC-4 |
Specifies use of the MDC-4 master key verification method. Use only with the
KEY-KM, KEY-NKM, or
KEY-OKM keywords. You must specify one master-key selector keyword to
use this keyword. |
| SHA-1 |
Specifies use of the SHA-1 master-key-verification method. Use only with the
KEY-KM, KEY-NKM, or
KEY-OKM keywords. You must specify one master-key selector keyword to use
this keyword. |
| SHA-256 |
Specifies use of the SHA-256 master-key-verification method. |