z/OS Security Server RACF Messages and Codes
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


IRRD125I

z/OS Security Server RACF Messages and Codes
SA23-2291-00

IRRD125I
The key size that was specified or defaulted is not acceptable. The request is not processed.

Explanation

The RSA or DSA key size is not acceptable. The maximum key size is determined by United States export restrictions or internal system limits based on the key type. The minimum DSA key is 512 bits. The minimum size of a clear RSA key, a secure RSA key in the PKDS (public key data set), or a DSA key is 512 bits. The minimum size of a secure RSA key in the TKDS (token key data set) is 1024 bits and it must also be a multiple of 256 bits.

Generation of a certificate with a clear RSA key with a key size greater than 1024 requires that the CP Assist for Cryptographic Functions (CPACF) (feature code 3863) is enabled and the TDES function is available.

System action

RACDCERT does not process the request.

User response

Reissue the command with a smaller key size. For more information, see ../com.ibm.zos.v2r1.icha400/ich2a410.htm.

If you specified a key size greater than 1024 for a clear RSA key, ensure that the CP Assist for Cryptographic Functions (CPACF) (feature code 3863) is enabled and the TDES function is available.

If you specified a key size for a secure RSA key on the TKDS, ensure that the size is at least 1024 bits and is a multiple of 256.

Parent topic: RACDCERT command messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014