- return_code
Direction: Output | Type: Integer
The return code specifies the general result of the callable
service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.
- reason_code
Direction: Output | Type: Integer
The reason code specifies the result of the callable service
that is returned to the application program. Each return code has
different reason codes that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.
- exit_data_length
Direction: Input/Output | Type: Integer
The length of the data that is passed to the installation
exit. The length can be from X'00000000' to X'7FFFFFFF' (2
gigabytes). The data is identified in the exit_data parameter.
- exit_data
Direction: Input/Output | Type: String
The data that is passed to the installation exit.
- clear_key
Direction: Input | Type: String
The clear key to be enciphered. Specify a 16-byte string
(clear key value). For single-length keys, the value must be left-justified
and padded with zeros. For effective single-length keys, the value
of the right half must equal the value of the left half. For double-length
keys, specify the left and right key values.
Note: For key types that can be single or double-length, a single
length encrypted key will be generated if a clear_key value of zeros
is supplied.
- key_type
Direction: Input | Type: Character string
The type of key you want to encipher under the master key
or an importer key. Specify an 8-byte field that must contain a keyword
from this list or the keyword TOKEN. If the key type is TOKEN, ICSF determines
the key type from the CV in the key_identifier parameter.
Key type values for the Secure Key Import callable service
are: CIPHER, CVARDEC, CVARENC, CVARPINE, CVARXCVL, CVARXCVR, DATA,
DATAXLAT, DECIPHER, ENCIPHER, EXPORTER, IKEYXLAT, IMPORTER, IMP-PKA,
IPINENC, MAC, MACVER, OKEYXLAT, OPINENC, PINGEN and PINVER. For information
on the meaning of the key types, see Table 3.
- key_form
Direction: Input | Type: Character string
The key form you want to generate. Enter a 4-byte keyword
specifying whether the key should be enciphered under the master key
(OP) or the importer key-encrypting key (IM). The keyword must be
left-justified and padded with blanks. Valid keyword values are OP
for encryption under the master key or IM for encryption under the
importer key-encrypting key. If you specify IM, you must specify an
importer key-encrypting key in the importer_key_identifier parameter.
For a key_type of IMP-PKA, this service supports only
the OP key_form.
- importer_key_identifier
Direction: Input/Output | Type: String
The importer key-encrypting key under which you want to
encrypt the clear key. Specify either a 64-byte string of the internal
key format or a key label. If you specify IM for the key_form parameter,
the importer_key_identifier parameter is required.
- key_identifier
Direction: Input/Output | Type: String
The generated encrypted key. The parameter is a 64-byte
string. The callable service returns an internal key token if you
encrypted the clear key under the master key (key_form was OP), or
an external key token if you encrypted the clear key under the
importer key-encrypting key (key_form was IM).
If the imported key_type is IMPORTER or EXPORTER and the key_form
is OP, the key_identifier parameter changes direction
to both input and output. If the application passes a valid internal
key token for an IMPORTER or EXPORTER key in this parameter, the NOCV
bit is propagated to the imported key token.

Note: Propagation of the NOCV bit is not performed if the service is
processed on the PCI Cryptographic Coprocessor.

The secure key import service does not adjust key parity.

ICSF supports two methods of wrapping the key value in a symmetric
key token: the original ECB wrapping and an enhanced CBC wrapping
method which is ANSI X9.24 compliant. The output key_identifier will
use the default wrapping method unless a skeleton token is supplied as
input. If a skeleton token is supplied as input, the wrapping method
in the skeleton token will be used.
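
The following C pre-check is an added example, not IBM's code, and it does not call the service. It shows checks an application could run on its inputs before invoking Secure Key Import: the clear_key layouts, the key_form rules, and byte parity, which the service does not adjust. The function names, return values and sample keys are constructed for illustration; keywords are passed as unpadded C strings, and odd byte parity is assumed as the DES convention.

```c
#include <stdio.h>
#include <string.h>

enum ck_kind { CK_ZERO, CK_SINGLE, CK_EFFECTIVE_SINGLE, CK_DOUBLE };

/* Constructed sample values, not real key material. */
static const unsigned char SAMPLE_SINGLE[16] = {
    0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0,0,0,0,0,0,0,0 };
static const unsigned char SAMPLE_DOUBLE[16] = {
    0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
    0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 };

/* Classify a 16-byte clear_key buffer by the layout rules in the parameter text. */
enum ck_kind classify_clear_key(const unsigned char k[16]) {
    static const unsigned char zeros[8] = {0};
    int right_zero = memcmp(k + 8, zeros, 8) == 0;
    if (right_zero && memcmp(k, zeros, 8) == 0) return CK_ZERO;
    if (right_zero) return CK_SINGLE;          /* left-justified, zero-padded */
    if (memcmp(k, k + 8, 8) == 0) return CK_EFFECTIVE_SINGLE;
    return CK_DOUBLE;
}

/* 1 if each of the first n bytes has odd parity (assumed DES convention). */
int has_odd_parity(const unsigned char *k, size_t n) {
    for (size_t i = 0; i < n; i++) {
        unsigned char b = k[i];
        b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;  /* fold all bits into bit 0 */
        if ((b & 1) == 0) return 0;
    }
    return 1;
}

/* key_form rules: OP or IM only; IM needs an importer key; IMP-PKA is OP only. */
int check_key_form(const char *key_type, const char *key_form, int have_importer) {
    int im = strcmp(key_form, "IM") == 0;
    if (!im && strcmp(key_form, "OP") != 0) return -1;
    if (im && !have_importer) return -2;
    if (im && strcmp(key_type, "IMP-PKA") == 0) return -3;
    return 0;
}

int main(void) {
    printf("single: kind=%d parity_ok=%d\n", classify_clear_key(SAMPLE_SINGLE),
           has_odd_parity(SAMPLE_SINGLE, 8));
    printf("double: kind=%d parity_ok=%d\n", classify_clear_key(SAMPLE_DOUBLE),
           has_odd_parity(SAMPLE_DOUBLE, 16));
    printf("IMP-PKA with IM: %d\n", check_key_form("IMP-PKA", "IM", 1));
    return 0;
}
```

For a single-length key, only the left 8 bytes are checked for parity, because the zero padding in the right half has even parity by construction.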