Restrictions

The restrictions for CSNDEDH.

  • The NIST security strength requirements are enforced, with respect to ECC curve type (input) and derived key-length. See Required commands about how you can override this enforcement.

    Table 1 lists the valid key bit lengths and the minimum curve size required for each of the supported output key types:
    Table 1. Valid key bit lengths and minimum curve size

    Valid key bit lengths and the minimum curve size required for each of the supported output key types of the EC Diffie-Hellman verb. Note that this is a complex table: Column one has more than one row.

    Output key ID type Valid key bit lengths Minimum curve required
    DES 64 P160
    128 P160
    192 P224
    AES 128 P256
    192 P384
    256 P512
  • A clear private key is only allowed when rule-array keyword DERIV01 is specified.
  • TRIPLE, TRIPLE-O, ZEROCV24, and WRAPENH2 rule array keywords are not supported in releases before Release 5.4 and Release 6.2.
  • Support for three-key Triple-DES keys is not available in releases before Release 5.4 and Release 6.2. Beginning with Release 5.4 and Release 6.2, this verb supports triple-length TDES keys. For a list of supported three-key Triple-DES key types see Table 1.

TR-31 tokens can only be used with this verb starting with CCA 8.1. Wrap rules and Translation control rules are not allowed for TR-31 tokens.