Summary of callable services
Table 1 lists the callable services described
in this publication, and their corresponding verbs. The figure also
references the topic that describes the callable service.
| Service | Service name | Function |
|---|---|---|
| Managing symmetric cryptographic keys | ||
CSNBCKI
CSNECKI |
Clear Key Import | Imports an 8-byte clear DES DATA key, enciphers it under the master key, and places the result into an internal key token. CSNBCKI converts the clear key into operational form as a DATA key. |
CSNBCVG
CSNECVG |
Control Vector Generate | Builds a control vector from keywords specified by the key_type and rule_array parameters. |
CSNBCVT
CSNECVT |
Control Vector Translate | Changes the control vector used to encipher an external DES key. |
CSNBCVE
CSNECVE |
Cryptographic Variable Encipher | Uses a CVARENC key to encrypt plaintext by using the Cipher Block Chaining (CBC) method. The plaintext must be a multiple of eight bytes in length. |
CSNBDCM
CSNEDCM |
Derive ICC MK | Generates ICC master keys from issuer master keys. ICC master keys are needed for ICC personalization, EMV transaction processing, and EMV scripting. Optionally, this service returns the ICC master key as an external token wrapped under a key-encrypting key (KEK). |
|
CSNBDDK
CSNEDDK |
Diversify Directed Key | Generate and derive keys using the direct key diversification key scheme. |
CSNBDKG
CSNEDKG |
Diversified Key Generate | Generates a DES key based upon the key-generating key, the processing method, and the parameter data that is supplied. |
CSNBDKG2
CSNEDKG2 |
Diversified Key Generate2 | Generates an AES key based on a function of a key-generating key, the process rule, and data that you supply. |
|
CSNBDKM
CSNEDKM |
Data Key Import | Imports an encrypted source DES DATA key and creates or updates a target internal key token with the master key enciphered source key. |
|
CSNBDKX
CSNEDKX |
Data Key Export | Converts a DES DATA key from operational form into exportable form. |
CSNBDSK
CSNEDSK |
Derive Session Key | Derives a session key from either an issuer master key or an ICC master key. The session key can be used for EMV transaction processing or EMV scripting. |
CSNDEDH
CSNFEDH |
ECC Diffie-Hellman | Creates symmetric key material from a pair of ECC keys using the Elliptic Curve Diffie-Hellman protocol and the static unified model key agreement scheme or “Z” data (the “secret” material output from D-H process). |
CSNBGIM
CSNEGIM |
Generate Issuer MK | Helps with the initial steps of EMV setup by generating and storing the issuer master keys. Optionally, the issuer master keys can be returned as external tokens wrapped under a key-encrypting key (KEK) that is shared with the ICC personalization system. |
CSNBKET
CSNEKET |
Key Encryption Translate | Change the encryption of DES key material in a key token wrapped with ECB (legacy method) and key material wrapped with CBC. |
CSNBKEX
CSNEKEX |
Key Export | Converts any DES key from operational form into exportable form. (However, this service does not export a key that was marked non-exportable when it was imported.) |
CSNBKGN
CSNEKGN |
Key Generate | Generates a 64-bit, 128-bit, or 192-bit odd parity DES key, or a pair of DES keys; and returns them in encrypted forms (operational, exportable, or importable). Generates a 128-bit, 192-bit, or 256-bit AES DATA key and returns them in operational form. CSNBKGN does not produce keys in clear. |
CSNBKGN2
CSNEKGN2 |
Key Generate2 | Generates a variable-length HMAC or AES key or a pair of keys; and returns them in encrypted forms (operational, exportable, or importable). |
CSNBKIM
CSNEKIM |
Key Import | Converts any DES key from importable form into operational form. |
CSNBKPI
CSNEKPI |
Key Part Import | Combines the clear key parts of any DES key type and returns the combined key value in an internal key token or an update to the CKDS. |
CSNBKPI2
CSNEKPI2 |
Key Part Import2 | Combines the clear key parts of an HMAC or AES key and returns the combined key value in an internal key token or an update to the CKDS. |
CSNBKYT
CSNEKYT CSNBKYTX CSNEKYTX |
Key Test | Generates or verifies (depending on keywords in the rule array) a secure verification pattern for keys. CSNBKYT and CSNEKYT require the tested key to be in the clear or encrypted under the master key. CSNBKYTX and CSNEKYTX also allow the tested key to be encrypted under a key-encrypting key. |
CSNBKYT2
CSNEKYT2 |
Key Test2 | Generates or verifies (depending on keywords in the rule array) a secure verification pattern for keys. CSNBKYT2 and CSNEKYT2 allow the tested key to be in the clear or encrypted under the master key or a key-encrypting key. |
CSNBKTB
CSNEKTB |
Key Token Build | Builds an internal or external token from the supplied parameters. You can use this service to build CCA key tokens for all DES key types ICSF supports. |
CSNBKTB2
CSNEKTB2 |
Key Token Build2 | Builds an internal or external key token from the supplied parameters. You can use this service to build CCA key tokens of all the AES and HMAC key types. You can use this callable service to build an internal clear key token for any key type for input to the key test2 callable service. You can use this callable service to build a skeleton token for input to the key generate2 and key part import2 callable services. |
CSNBKTR
CSNEKTR |
Key Translate | Uses one key-encrypting key to decipher a DES input key and then enciphers this key using another key-encrypting key within the secure environment. |
CSNBKTR2
CSNEKTR2 |
Key Translate2 | Uses one key-encrypting key to decipher AES and HMAC input keys and then enciphers this key using another key-encrypting key within the secure environment. Converts an AES fixed-length DATA key to a variable-length CIPHER key. Supports applying the compliant tag to an existing token as well as checking if a legacy token can be successfully tagged. |
CSNBCKM
CSNECKM |
Multiple Clear Key Import | Imports a single-, double-, or triple-length clear DES DATA key, enciphers it under the master key, and places the result into an internal key token. CSNBCKM converts the clear key into operational form as a DATA key. |
CSNBSKM
CSNESKM |
Multiple Secure Key Import | Enciphers a single-, double-, or triple-length clear DES key under
the master key or an input importer key, and places the result into an internal or external key
token as any key type. Enciphers a clear AES DATA key under the master key.
This service executes only in special secure mode. |
CSNDPKD
CSNFPKD |
PKA Decrypt | Uses an RSA private key to decrypt the RSA-encrypted key value and return the clear key value to the application. |
CSNDPKE
CSNFPKE |
PKA Encrypt | Encrypts a supplied clear key value under an RSA public key. |
CSNBPEX
CSNEPEX |
Prohibit Export | Modifies an operational DES key so that it cannot be exported. |
CSNBPEXX
CSNEPEXX |
Prohibit Export Extended | Changes the external token of a DES key in exportable form so that it can be imported at the receiver node but not exported from that node. |
CSNBRKA
CSNERKA |
Restrict Key Attribute | Modifies an AES, HMAC, or DES key so that is cannot be exported. Modifies an AES or HMAC to restrict other attributes of the token. |
CSNBRNG
CSNERNG CSNBRNGL CSNERNGL |
Random Number Generate
Random Number Generate Long |
Generates an 8-byte random number or a random number with a user-specified length. The output can be specified in three forms of parity: RANDOM, ODD, and EVEN. |
CSNDRKX
CSNFRKX |
Remote Key Export | Generates or exports DES keys for local use and for distribution to an ATM or other remote device. RKX uses a special structure to hold encrypted symmetric keys in a way that binds them to the trusted block and allows sequences of RKX calls to be bound together as if they were an atomic operation. |
CSNBSKI
CSNESKI |
Secure Key Import | Enciphers a clear key under the master
key, and places the result into an internal or external key token
as any DES key type. This service executes only in special secure mode. |
CSNBSKI2
CSNESKI2 |
Secure Key Import2 | Enciphers a variable-length
clear HMAC or AES key under the master key, and places the result
into an internal key token as any key type. Enciphers a variable-length clear HMAC or AES key under a key-encrypting key, and places the result into an external key token as any key type. This service executes only in special secure mode. |
CSNDSYX
CSNFSYX |
Symmetric Key Export | Transfers an application-supplied symmetric key from encryption under the host master key to encryption under an application-supplied RSA public key or AES EXPORTER key. The application-supplied key must be an internal key token or the label in the CKDS of a DES DATA, AES DATA, or variable-length symmetric key token. |
CSNDSXD
CSNFSXD |
Symmetric Key Export with Data | Export a symmetric key encrypted using an RSA key, inserted in a PKCS#1 block type 2, with some extra data supplied by the application. |
CSNDSYG
CSNFSYG |
Symmetric Key Generate | Generates a symmetric DES DATA key and returns the key in two forms: enciphered under the DES master key or KEK and under an RSA public key. Generates a symmetric AES DATA key and returns the key in two forms: enciphered under the AES master key and under an RSA public key. |
CSNDSYI
CSNFSYI |
Symmetric Key Import | Imports a symmetric key enciphered under an RSA public key into operational form enciphered under a host master key. |
CSNDSYI2
CSNFSYI2 |
Symmetric Key Import2 | Imports a symmetric key enciphered under an RSA public key or AES EXPORTER key into operational form enciphered under a host master key. |
CSNDTBC
CSNETBC |
Trusted Block Create | Creates a trusted block in a two step process. The block will be in external form, encrypted under an IMP-PKA transport key. This means that the MAC key contained within the trusted block will be encrypted under the IMP-PKA key. |
CSNBT31X
CSNET31X |
TR-31 Translate | Converts a CCA token to TR-31 format for export to another party. |
CSNBT31I
CSNET31I |
TR-31 Import | Converts a TR-31 key block to a CCA token. |
CSNBT31P
CSNET31P |
TR-31 Parse | Retrieves standard header information from a TR-31 key block without importing the key. |
CSNBT31R
CSNET31R |
TR-31 Optional Data Read | Obtains lists of the optional block identifiers and optional block lengths, and obtains the data for a particular optional block. |
CSNBT31O
CSNET31O |
TR-31 Optional Data Build | Constructs the optional block data structure for a TR-31 key block. |
CSNBUKD
CSNEUKD |
Unique Key Derive | Derives a DES key using a base derivation key
and derivation data. The following key types can be derived:
|
| Protecting data | ||
CSNBCTT2
CSNBCTT3 CSNECTT2 CSNECTT3 |
Cipher Text Translate2 | Translates the user-supplied ciphertext from
one key and enciphers the ciphertext to another key. Supports both
AES and DES algorithms. CSNBCTT2 and CSNECTT2 require the ciphertext to reside in the caller's primary address space. CSNBCTT3 and CSNECTT3 allow the ciphertext to reside in the caller's primary address space or in a z/OS data space. |
CSNBDEC
CSNEDEC CSNBDEC1 CSNEDEC1 |
Decipher | Deciphers data using the cipher block
chaining mode of the DES.
(The method depends on the token marking or keyword specification.)
The result is called plaintext. CSNBDEC and CSNEDEC require the plaintext and ciphertext to reside in the caller's primary address space. CSNBDEC1 and CSNEDEC1 allow the plaintext and ciphertext to reside in the caller's primary address space or in a z/OS data space. |
CSNBDCO
CSNEDCO |
Decode | Decodes an 8-byte string of data using the electronic code book mode of the DES. (This is for DES encryption only.) |
CSNBENC
CSNEENC CSNBENC1 CSNEENC1 |
Encipher | Enciphers data using the cipher block
chaining mode of the DES.
(The method depends on the token marking or keyword specification.)
The result is called ciphertext. CSNBENC and CSNEENC require the plaintext and ciphertext to reside in the caller's primary address space. CSNBENC1 and CSNEENC1 allow the plaintext and ciphertext to reside in the caller's primary address space or in a z/OS data space. |
CSNBECO
CSNEECO |
Encode | Encodes an 8-byte string of data using the electronic code book mode of the DES. (This is for DES encryption only.) |
CSNBSAD
CSNESAD CSNBSAD1 CSNESAD1 |
Symmetric Algorithm Decipher | Deciphers data using the AES algorithm
in an address space or a data space using the cipher block chaining
or electronic code book modes. CSNBSAD and CSNESAD require the plaintext and ciphertext to reside in the caller's primary address space. CSNBSAD1 and CSNESAD1 allows the plaintext and ciphertext to reside in the caller's primary address space or in a z/OS data space. |
CSNBSAE
CSNESAE CSNBSAE1 CSNESAE1 |
Symmetric Algorithm Encipher | Enciphers data using the AES algorithm
in an address space or a data space using the cipher block chaining
or electronic code book modes. CSNBSAE and CSNESAE require the plaintext and ciphertext to reside in the caller's primary address space. CSNBSAE1 and CSNESAE1 allows the plaintext and ciphertext to reside in the caller's primary address space or in a z/OS data space. |
CSNBSYD
CSNBSYD1 CSNESYD CSNESYD1 |
Symmetric Key Decipher | Deciphers data using the AES or DES
algorithm in an address space or a data space using one
of the supported modes. Both clear and secure keys
are supported. CSNBSYD and CSNESYD require the plaintext and ciphertext to reside in the caller's primary address space. CSNBSYD1 and CSNESYD1 allow the plaintext and ciphertext to reside in the caller's primary address space or in a z/OS data space. |
CSNBSYE
CSNBSYE1 CSNESYE CSNESYE1 |
Symmetric Key Encipher | Enciphers data using the AES or DES
algorithm in an address space or a data space using one
of the supported modes. Both clear and secure keys
are supported. CSNBSYE and CSNESYE require the plaintext and ciphertext to reside in the caller's primary address space. CSNBSYE1 and CSNESYE1 allows the plaintext and ciphertext to reside in the caller's primary address space or in a z/OS data space. |
| Verifying data integrity and authenticating messages | ||
CSNBHMG
CSNEHMG CSNBHMG1 CSNEHMG1 |
HMAC Generate | Generates message
authentication code (MAC) for a text string that the application program
supplies. The MAC is computed using the FIPS-198 Keyed-Hash Message
Authentication Code algorithm. CSNBHMG and CSNEHMG require data to reside in the caller’s primary address space. CSNBHMG1 and CSNEHMG1 allow data to reside in the caller’s primary address space or in a z/OS data space. |
CSNBHMV
CSNEHMV CSNBHMV1 CSNEHMV1 |
HMAC Verify | Verifies message authentication
code (MAC) for a text string that the application program supplies.
The MAC is computed using the FIPS-198 Keyed-Hash Message Authentication
Code algorithm. CSNBHMV and CSNEHMV requires data to reside in the caller’s primary address space. CSNBHMV1 and CSNEHMV1 allows data to reside in the caller’s primary address space or in a z/OS data space. |
CSNBMGN
CSNEMGN CSNBMGN1 CSNEMGN1 |
MAC Generate | Generates a 4-, 6-, or 8-byte message authentication code (MAC) for
a text string that the application program supplies. The MAC is computed using a
DES key and DES based algorithms.
CSNBMGN and CSNEMGN require data to reside in the caller's primary address space. CSNBMGN1 and CSNEMGN1 allow data to reside in the caller's primary address space or in a z/OS data space. |
CSNBMGN2
CSNEMGN2 CSNBMGN3 CSNEMGN3 |
MAC Generate2 | Generates a keyed hash message authentication code (HMAC) or a ciphered message authentication code (CMAC) for the message string provided as input. |
CSNBMVR
CSNEMVR CSNBMVR1 CSNEMVR1 |
MAC Verify | Verifies a 4-, 6-, or 8-byte message authentication code (MAC) for
a text string that the application program supplies. The MAC is computed using a
DES key and DES based algorithms. CSNBMVR and CSNEMVR require data to reside in the caller's primary address space. CSNBMVR1 and CSNEMVR1 allow data to reside in the caller's primary address space or in a z/OS data space. |
CSNBMVR2
CSNEMVR2 CSNBMVR3 CSNEMVR3 |
MAC Verify2 | Verifies a keyed hash message authentication code (HMAC) or a ciphered message authentication code (CMAC) for the message text provided as input. |
CSNBMDG
CSNEMDG CSNBMDG1 CSNEMDG1 |
MDC Generate | Generates a 128-bit modification
detection code (MDC) for a text string that the application program
supplies. CSNBMDG and CSNEMDG require data to reside in the caller's primary address space. CSNBMDG1 and CSNEMDG1 allow data to reside in the caller's primary address space or in a z/OS data space. |
CSNBOWH
CSNEOWH CSNBOWH1 CSNEOWH1 |
One Way Hash Generate | Generates a one-way hash on specified text. |
CSNBSMG,
CSNESMG CSNBSMG1 CSNESMG1 |
Symmetric MAC Generate | Use the symmetric MAC generate callable
service to generate a 96- or 128-bit message authentication code (MAC)
for an application-supplied text string using a clear AES key. CSNBSMG1 allows data to reside in the caller's primary address space or in a z/OS data space. |
CSNBSMV,
CSNESMV CSNBSMV1 CSNESMV1 |
Symmetric MAC Verify | Use the symmetric MAC verify callable
service to verify a 96- or 128-bit message authentication code (MAC)
for an application-supplied text string using a clear AES key. CSNBSMV1 allows data to reside in the caller's primary address space or in a z/OS data space. |
| Financial services | ||
CSNBAPG
CSNEAPG |
Authentication Parameter Generate | Generate an authentication parameter (AP) and optionally return it encrypted under a supplied encrypting key. |
CSNBCPE
CSNECPE |
Clear PIN Encrypt | Formats a PIN into a PIN block format and encrypts the results. |
CSNBPGN
CSNEPGN |
Clear PIN Generate | Generates a clear personal identification
number (PIN), a PIN verification value (PVV), or an offset using one
of these algorithms:
This service executes only in special secure mode. |
CSNBCPA
CSNECPA |
Clear PIN Generate Alternate | Generates a clear VISA PIN validation value (PVV) from an input encrypted PIN block. The PIN block may have been encrypted under either an input or output PIN encrypting key. The IBM-PINO algorithm is supported to produce a 3624 offset from a customer selected encrypted PIN. |
CSNBCKC
CSNECKC |
CVV Key Combine | Combines two single-length CCA internal key tokens into 1 double-length CCA key token containing a CVVKEY-A key type. |
CSNBDCM
CSNEDCM |
Derive ICC MK | Generates ICC master keys from issuer master keys. ICC master keys are needed for ICC personalization, EMV transaction processing, and EMV scripting. Optionally, this service returns the ICC master key as an external token wrapped under a key-encrypting key (KEK). |
CSNBESC
CSNEESC |
EMV Scripting Service | Mechanism for sending commands to an EMV payment card. The commands are used to update card parameters including potentially the PIN. Commands may be encrypted for confidentiality or MAC'd for integrity or both. |
CSNBEAC
CSNEEAC |
EMV Transaction (ARQC/ARPC) Service | Simplifies EMV Authorization Request Cryptogram (ARQC) and Authorization Response Cryptogram (ARPC) transaction processing. |
CSNBEVF
CSNEEVF |
EMV Verification Functions | Provides additional functions used by MasterCard for their EMV cards in addition to application cryptograms and scripting. |
CSNBEPG
CSNEEPG |
Encrypted PIN Generate | Generates and formats a PIN and encrypts the PIN block. |
CSNBPTR
CSNEPTR |
Encrypted PIN Translate | Reenciphers a PIN block from one PIN-encrypting key to another and, optionally, changes the PIN block format. DUKPT keywords are supported. |
|
CSNBPTR2
CSNEPTR2 |
Encrypted PIN Translate2 | Reenciphers a PIN block from one PIN-encrypting key to another and, optionally, changes the PIN block format. Unique key per transaction key derivation is supported. |
CSNBPTRE
CSNEPTRE |
Encrypted PIN Translate Enhanced | Reformat a PIN block where the PAN data is encrypted using format preserving encryption. Unique key per transaction key derivation is supported. |
CSNBPVR
CSNEPVR |
Encrypted PIN Verify | Verifies a supplied PIN using one
of these algorithms:
DUKPT keywords are supported. |
|
CSNBPVR2
CSNEPVR2 |
Encrypted PIN Verify2 | Verifies a supplied PIN against a reference PIN. DUKPT keywords are supported. |
CSNBFLD
CSNEFLD |
Field Level Decipher | Decrypts payment related database fields, preserving the format of the fields using the VISA Format Preserving Encryption algorithm. |
CSNBFLE
CSNEFLE |
Field Level Encipher | Encrypts payment related database fields, preserving the format of the fields using the VISA Format Preserving Encryption algorithm. |
|
CSNBFFXD
CSNEFFXD |
Format Preserving Algorithms Decipher | Decrypts payment related database fields, preserving the format of the fields using NIST FFX algorithms. |
|
CSNBFFXE
CSNEFFXE |
Format Preserving Algorithms Encipher | Encrypts payment related database fields, preserving the format of the fields using NIST FFX algorithms. |
|
CSNBFFXT
CSNEFFXT |
Format Preserving Algorithms Translate | Translates payment card data from encryption under one key to encryption under another key using NIST FFX algorithms. |
CSNBFPED
CSNEFPED |
FPE Decipher | Decrypts payment card data using Visa Data Secure Platform (Visa DSP) processing. |
CSNBFPEE
CSNEFPEE |
FPE Encipher | Encrypts payment card data using Visa Data Secure Platform (Visa DSP) processing. |
CSNBFPET
CSNEFPET |
FPE Translate | Translates payment card data from encryption under one key to encryption under another key using Visa Data Secure Platform (Visa DSP) processing. |
CSNBPCU
CSNEPCU |
PIN Change/Unblock | Supports the PIN change algorithms specified in the VISA Integrated Circuit Card Specification. |
CSNBPFO
CSNEPFO |
Recover PIN From Offset | Calculate an encrypted customer-entered PIN from a PIN generating key, account information, and an offset, returnining the PIN properly formatted and encrypted under a PIN encryption key. |
CSNBSKY
CSNESKY |
Secure Messaging For Keys | Encrypts a text block, including a clear key value decrypted from an internal or external DES token. |
CSNBSPN
CSNESPN |
Secure Messaging For PINs | Encrypts a text block, including a clear PIN block recovered from an encrypted PIN block. |
CSNDSBC
CSNFSBC |
SET Block Compose | Composes the RSA-OAEP block and the DES-encrypted block in support of the SET protocol. |
CSNDSBD
CSNFSBD |
SET Block Decompose | Decomposes the RSA-OAEP block and the DES-encrypted block to provide unencrypted data back to the caller. |
CSNBTRV
CSNETRV |
Transaction Validation | Supports the generation and validation of American Express card security codes. |
CSNBCSG
CSNECSG |
VISA CVV Service Generate | Generates a VISA Card Verification Value (CVV) or a MasterCard Card Verification Code (CVC). |
CSNBCSV
CSNECSV |
VISA CVV Service Verify | Verifies a VISA Card Verification Value (CVV) or a MasterCard Card Verification Code (CVC). |
| Financial services for DK PIN methods | ||
|
CSNBDCU2
CSNEDCU2 |
DK PRW Card Number Update2 | Generates a PIN reference value (PRW) when a replacement card is being issued. |
CSNBDDPG
CSNEDDPG |
DK Deterministic PIN Generate | Generates a PIN and PIN reference value (PRW) using an AES PIN calculation key. |
CSNBDMP
CSNEDMP |
DK Migrate PIN | Generates the PIN reference value (PRW) for a specified user account. |
CSNBDPMT
CSNEDPMT |
DK PAN Modify in Transaction | Generates a new PIN reference value (PRW) for an existing PIN when a merger has occurred and the account information has changed. |
CSNBDPT
CSNEDPT |
DK PAN Translate | Creates an encrypted PIN block with the same PIN and a different PAN. |
CSNBDPC
CSNEDPC |
DK PIN Change | Allows a customer to change their PIN to a value of their choosing. |
CSNBDPV
CSNEDPV |
DK PIN Verify | Verifies ISO-1 and ISO-4 format PINs. |
CSNBDPNU
CSNEDPNU |
DK PRW Card Number Update | Generates a PIN reference value (PRW) when a replacement card is being issued. |
CSNBDPCG
CSNEDPCG |
DK PRW CMAC Generate | Generates a message authentication code (MAC) over specific values involved in an account number change transaction. |
|
CSNBDRG2
CSNEDRG2 |
DK Random PIN Generate2 | Generates a PIN and a PIN reference value using the random process. |
CSNBDRPG
CSNEDRPG |
DK Random PIN Generate | Generates a PIN and a PIN reference value using the random process. |
CSNBDRP
CSNEDRP |
DK Regenerate PRW | Generates a new PIN reference value for a changed account number. |
| Key data set management | ||
CSNBKRC
CSNEKRC |
CKDS Key Record Create | Adds a key record containing a key token set to binary zeros to both the in-storage and DASD copies of the CKDS. |
CSNBKRC2
CSNEKRC2 |
CKDS Key Record Create2 | Adds a key record containing a key token to both the in-storage and DASD copies of the CKDS. |
CSNBKRD
CSNEKRD |
CKDS Key Record Delete | Deletes a key record from both the in-storage and DASD copies of the CKDS. |
CSNBKRR
CSNEKRR |
CKDS Key Record Read | Copies an internal key token from the in-storage copy of the CKDS to application storage. |
CSNBKRR2
CSNEKRR2 |
CKDS Key Record Read2 | Copies an internal key token from the in-storage copy of the CKDS to application storage. |
CSNBKRW
CSNEKRW |
CKDS Key Record Write | Writes an internal key token to the CKDS record specified in the key label parameter. Updates both the in-storage and DASD copies of the CKDS currently in use. |
CSNBKRW2
CSNEKRW2 |
CKDS Key Record Write2 | Writes an internal key token to the CKDS record specified in the key label parameter. Updates both the in-storage and DASD copies of the CKDS currently in use. |
CSFCRC
CSFCRC6 |
Coordinated KDS Administration | Performs a CKDS refresh or CKDS reencipher and change master key operation while allowing applications to update the CKDS. In a sysplex environment, this callable service performs a coordinated sysplex-wide refresh or change master key operation from a single ICSF instance. |
CSFMPS
CSFMPS6 |
ICSF Multi-Purpose Service | Validates the keys in the active CKDS. |
CSFKDSL
CSFKDSL6 |
KDS List | Lists the labels matching specified metadata and other search criteria in the active CKDS. |
CSFKDMR
CSFKDMR6 |
KDS Metadata Read | Copies specified metadata from the active CKDS record to application storage. |
CSFKDMW
CSFKDMW6 |
KDS Metadata Write | Writes specified metadata to a list of CKDS records. Updates both the in-storage and DASD copies of the CKDS that is currently in use. |
|
CSFRRT
CSFRRT6 |
Key Data Set Record Retrieve | Retrieves a KDSR format record from a CKDS, PKDS, or TKDS. |
|
CSFKDU
CSFKDU6 |
Key Data Set Update | Updates a key dataset record. |
| Utilities | ||
| CSNBXBC or CSNBXCB | Character/nibble Conversion | Converts a binary string to a character string or vice versa. |
| CSNBXEA or CSNBXAE | Code Conversion | Converts EBCDIC data to ASCII data or vice versa. |
CSFIQA
CSFIQA6 |
ICSF Query Algorithm | Use this utility to retrieve information about the cryptographic and hash algorithms available. You can control the amount of data that is returned by passing in different rule_array keywords. |
CSFIQF
CSFIQF6 |
ICSF Query Facility | Provides ICSF status, as well as coprocessor information. |
CSFIQF2
CSFIQF26 |
ICSF Query Facility2 | Provide information on the cryptographic environment as currently known by ICSF. This callable service is not SAF protected nor will it call any cryptographic coprocessors. |
|
CSFSTAT
CSFSTAT6 |
Cryptographic Usage Statistic | Tracks cryptographic usage external to the ICSF address space. |
| CSNB9ED | X9.9 Data Editing | Edits an ASCII text string according to the editing rules of ANSI X9.9–4. |
| Trusted interfaces | ||
| CSFPCI | PCI interface | Query the list of access control points, send/receive requests to coprocessors, upload secure audit records, and obtain cryptographic coprocessor configurations. |
|
CSFWRP
CSFWRP6 |
Key Token Wrap | Unwraps a secure key token from the current master key and then rewraps the key token in the system protection key. This service is intended for operating system code. |