# Asymmetric keys

ICSF supports RSA and ECC keys:

- RSA
- An RSA key pair includes a private key and a public key. RSA
keys can be used for key distribution and authentication. The private
key can be restricted to authentication only or key management only.
Table 1. RSA keys Key Callable services The length of the modulus may be 512-4096 bits.

Modules-exponent and Chinese Remainder Theorem formats are supported.Private Digital Signature Generate, Key Test2, PKA Public Key Extract, Public Key Decrypt, Restrict Key Attribute, SET Block Decompose, Symmetric Key Import, Symmetric Key Import2 Public Digital Signature Verify, Key Test2, Public Key Encrypt, SET Block Compose, Symmetric Key Export, Symmetric Key Export with Data, Symmetric Key Generate

Availability notes: RSA
keys with a modulus greater than 2048 bits are supported on the z9
EC, z9 BC, and later systems with a CEX2C or later coprocessor with
the November 2007 or later licensed internal code.

- ECC
- An ECC key pair includes a private and public key. ECC keys can
be used for authentication and symmetric key derivation. ECC keys
are used to derive AES and DES keys using the Diffie-Hellman protocol.
The private key can be restricted to authentication only or key derivation
only.
Table 2. ECC keys Key Callable services Private Digital Signature Generate, ECC Diffie-Hellman Public Digital Signature Verify, ECC Diffie-Hellman

Availability notes: ECC keys are supported
on the z10 EC, z10 BC, and later systems with a CEX3C and later coprocessor
with the November 2010 or later licensed internal code.