Previous topic |
Next topic |
Contact z/OS |
RSA private and public keys
z/OS Cryptographic Services ICSF Overview
An RSA key pair includes a private and a public key. The RSA private key is used to generate digital signatures, and the RSA public key is used to verify digital signatures. The RSA public key is also used for key encryption of DES or AES DATA keys and the RSA private key for key recovery.
The RSA public key algorithm is based on the difficulty of the factorization problem. The factorization problem is to find all prime numbers of a given number, n. When n is sufficiently large and is the product of a few large prime numbers, this problem is believed to be difficult to solve. For RSA, n is typically at least 512 bits, and n is the product of two large prime numbers. For more information about the RSA public key algorithm, refer to the ISO 9796 standard and RSA's Frequently Asked Questions About Today's Cryptography.
Generating RSA keys on a Cryptographic Coprocessor Feature
The Cryptographic Coprocessor Feature does not provide the ability to generate RSA public and private keys within the secure hardware boundary. There are several ways to generate RSA key pairs and load them.
Generating RSA keys on a PCICC, PCIXCC, CEX2C, or CEX3C
With the PCICC, PCIXCC, CEX2C, or CEX3C, you can use the PKA key generate callable service to generate RSA public and private key pairs within the secure boundary of the cryptographic coprocessor. The PCICC/PCIXCC can generate RSA keys with a modulus size of 512 to 2048 bits. The CEX2C and CEX3C can generate RSA keys with a modulus size of 512 to 4096 bits. The RSA private key may be retained and used within the secure boundary of the cryptographic coprocessor. This capability is a requirement to be a SET Certificate Authority. The public key and the key name for the private key are stored in the ICSF public key data set (PKDS), but the value of a retained private key never appears in any form outside the cryptographic coprocessor.
Copyright IBM Corporation 1990, 2014