RSA and ECC keys can be generated using the PKA Key Generate service.
RSA private keys can be generated within the secure boundary of the
card and retained there, so that they never leave the secure boundary.
Only the domain that created a retained key can access it. For more
information on how to retain a generated key, see z/OS Cryptographic
Services ICSF Application Programmer's Guide.

Normally, the output key is randomly generated. In testing situations,
you may find it useful to re-create the same key values. Regeneration
data acts as a seed: supplying the same regeneration data yields the
same generated key value in multiple instances.

To generate the keys based on the value supplied in the regeneration_data
parameter, you must enable one of these access control points:
- When using the RETAIN keyword, enable the Permit Regeneration
Data for Retain Keys access control point.
- When not using the RETAIN keyword, enable the Permit Regeneration
Data access control point.

For more information on enabling access control points, refer to
z/OS Cryptographic Services ICSF TKE Workstation User's Guide.