Restrictions
The restrictions for CSNDEDH.
-
The NIST security strength requirements are enforced, with respect to ECC curve type (input) and derived key-length. See Required commands about how you can override this enforcement.
Table 1 lists the valid key bit lengths and the minimum curve size required for each of the supported output key types:Table 1. Valid key bit lengths and minimum curve size Valid key bit lengths and the minimum curve size required for each of the supported output key types of the EC Diffie-Hellman verb. Note that this is a complex table: Column one has more than one row.
Output key ID type Valid key bit lengths Minimum curve required DES 64 P160 128 P160 192 P224 AES 128 P256 192 P384 256 P512 - A clear private key is only allowed when rule-array keyword DERIV01 is specified.
- TRIPLE, TRIPLE-O, ZEROCV24, and WRAPENH2 rule array keywords are not supported in releases before Release 5.4 and Release 6.2.
- Support for three-key Triple-DES keys is not available in releases before Release 5.4 and Release 6.2. Beginning with Release 5.4 and Release 6.2, this verb supports triple-length TDES keys. For a list of supported three-key Triple-DES key types see Table 1.
TR-31 tokens can only be used with this verb starting with CCA 8.1. Wrap rules and Translation control rules are not allowed for TR-31 tokens.