ICSF supports RSA and ECC keys:
- RSA
- An RSA key pair includes a private key and a public key. RSA
keys can be used for key distribution and authentication. The private
key can be restricted to authentication only or key management only.
Table 1. RSA keys| Key |
Callable services |
|---|
The length of the modulus may be 512-4096 bits.
Modules-exponent and Chinese Remainder Theorem formats are supported.
|
| Private |
Digital Signature Generate, Key Test2, PKA Public
Key Extract, Public Key Decrypt, Restrict Key Attribute, SET Block
Decompose, Symmetric Key Import, Symmetric Key Import2 |
| Public |
Digital Signature Verify, Key Test2, Public
Key Encrypt, SET Block Compose, Symmetric Key Export, Symmetric Key
Export with Data, Symmetric Key Generate |
Availability notes: RSA
keys with a modulus greater than 2048 bits are supported on the z9
EC, z9 BC, and later systems with a CEX2C or later coprocessor with
the November 2007 or later licensed internal code.
- ECC
- An ECC key pair includes a private and public key. ECC keys can
be used for authentication and symmetric key derivation. ECC keys
are used to derive AES and DES keys using the Diffie-Hellman protocol.
The private key can be restricted to authentication only or key derivation
only.
Table 2. ECC keys| Key |
Callable services |
|---|
| Private |
Digital Signature Generate, ECC Diffie-Hellman |
|---|
| Public |
Digital Signature Verify, ECC Diffie-Hellman |
|---|
Availability notes: ECC keys are supported
on the z10 EC, z10 BC, and later systems with a CEX3C and later coprocessor
with the November 2010 or later licensed internal code.