Required commands
The required commands for CSNDSYX.
This verb requires the following commands to be enabled in the active role based on the key-formatting method and the algorithm:
| Key-formatting method | Algorithm | Offset | Command |
|---|---|---|---|
| AESKW | AES | X'0327' | Symmetric Key Export - AESKW |
| AESKWCV (Release 4.4 or later) | DES | X'02B3' | Symmetric Key Export - AESKWCV |
| PKOAEP2 | AES | X'00FC' | Symmetric Key Export - AES,PKOAEP2 |
| PKOAEP2 | HMAC | X'00F5' | Symmetric Key Export - HMAC,PKOAEP2 |
| PKCSOAEP or PKCS-1.2 | AES | X'0130' | Symmetric Key Export - AES, PKCSOAEP, PKCS-1.2 |
| PKCSOAEP or PKCS-1.2 | DES | X'0105' | Symmetric Key Export - DES, PKCS-1.2 |
| ZERO-PAD | AES | X'0131' | Symmetric Key Export - AES, ZERO-PAD |
| ZERO-PAD | DES | X'023E' | Symmetric Key Export - DES, ZERO-PAD |
| CKM_RAKW | AES | X'03B8' | Symmetric Key Export - AES, CKM-RAKW |
To disallow the wrapping of a key with a weaker key-encrypting key, enable the Prohibit weak wrapping - Transport keys command (offset X'0328') in the active role. This command affects multiple verbs. See Access control points and verbs.
To receive a warning when wrapping a key with a weaker key-encrypting key, enable the Warn when weak wrap - Transport keys command (offset X'032C') in the active role. The Prohibit weak wrapping - Transport keys command (offset X'0328') overrides this command.
The CKM_RAKW - Allow RSA2048 to wrap stronger keys (e.g.,AES-128,192,256) command (offset X'033E') creates an exception when ACP X'0328', X'032C', or both are enabled and you use the CKM-RAKW keyword in verbs CSNDPKT and CSNDSYX to wrap a stronger key with a weaker key. If ACPs X'0328' and X'032C' are not enabled, you do not need X'033E', but enabling it does not cause any issues.
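The following added example (not IBM code) models how the commands above combine for one CSNDSYX call and flags role settings worth reviewing. The offsets come from the table on this page; the function names, the role-as-a-set-of-offsets model, the `kek_is_weaker` flag, and the reading that X'033E' exempts a CKM-RAKW wrap from both X'0328' and X'032C' are assumptions.

```python
# Added example: offsets are from the table on this page; the function names,
# the role-as-set-of-offsets model and the kek_is_weaker flag are assumptions.
EXPORT_ACP = {  # (key-formatting method, algorithm) -> required ACP offset
    ("AESKW", "AES"): 0x0327, ("AESKWCV", "DES"): 0x02B3,
    ("PKOAEP2", "AES"): 0x00FC, ("PKOAEP2", "HMAC"): 0x00F5,
    ("PKCSOAEP", "AES"): 0x0130, ("PKCS-1.2", "AES"): 0x0130,
    ("PKCSOAEP", "DES"): 0x0105, ("PKCS-1.2", "DES"): 0x0105,
    ("ZERO-PAD", "AES"): 0x0131, ("ZERO-PAD", "DES"): 0x023E,
    ("CKM-RAKW", "AES"): 0x03B8,
}
PROHIBIT_WEAK, WARN_WEAK, RAKW_EXCEPTION = 0x0328, 0x032C, 0x033E


def evaluate_export(role, method, algorithm, kek_is_weaker):
    """Model the ACP decision for one CSNDSYX call; role is a set of offsets."""
    required = EXPORT_ACP.get((method, algorithm))
    if required is None:
        return "denied: no command for this method/algorithm in the table"
    if required not in role:
        return f"denied: X'{required:04X}' not enabled"
    if not kek_is_weaker:
        return "allowed"
    # Assumption: X'033E' exempts a weak CKM-RAKW wrap from X'0328' and X'032C'.
    if method == "CKM-RAKW" and RAKW_EXCEPTION in role:
        return "allowed: X'033E' exception"
    if PROHIBIT_WEAK in role:  # prohibit overrides warn
        return "denied: X'0328' prohibits weak wrapping"
    if WARN_WEAK in role:
        return "allowed with warning: X'032C'"
    return "allowed"


def audit_role(role):
    """Return review findings about the weak-wrap controls in a role."""
    findings = []
    if PROHIBIT_WEAK not in role:
        findings.append("X'0328' off: weak wrapping is not prohibited")
        if WARN_WEAK not in role:
            findings.append("X'032C' off: weak wrapping produces no warning")
    if RAKW_EXCEPTION in role and role & {PROHIBIT_WEAK, WARN_WEAK}:
        findings.append("X'033E' on: CKM-RAKW is exempt from weak-wrap controls")
    return findings


if __name__ == "__main__":
    sample_role = {0x0327, 0x03B8, 0x0328, 0x032C, 0x033E}  # constructed sample
    print(evaluate_export(sample_role, "AESKW", "AES", kek_is_weaker=True))
    print(evaluate_export(sample_role, "CKM-RAKW", "AES", kek_is_weaker=True))
    print(audit_role(sample_role))
```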