z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Parameters

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

return_code
Direction: OutputType: Integer

The return code specifies the general result of the callable service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.

reason_code
Direction: OutputType: Integer

The reason code specifies the result of the callable service that is returned to the application program. Each return code has different reason codes assigned to it that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.

exit_data_length
Direction: Input/OutputType: Integer

The length of the data that is passed to the installation exit. The length can be from X'00000000' to X'7FFFFFFF' (2 gigabytes). The data is identified in the exit_data parameter.

exit_data
Direction: Input/OutputType: String

The data that is passed to the installation exit.

rule_array_count
Direction: InputType: Integer

The number of keywords you are supplying in the rule_array parameter. Value may be 1, 2, or 3.

rule_array
Direction: InputType: String

Keywords that provide control information to the callable service. Table 95 lists the keywords. Each keyword is left-justified in 8-byte fields and padded on the right with blanks. All keywords must be in contiguous storage.

Table 95. Keywords for Symmetric Key Export Control Information
KeywordMeaning
Algorithm (One keyword, optional)
AESThe key being exported is an AES key. If source_key_identifier is a variable-length symmetric key token or label, only the PKOAEP2 and AESKW key formatting methods are supported.
DESThe key being exported is a DES key. This is the default.
HMACThe key being exported is an HMAC key. Only the PKOAEP2 and AESKW key formatting methods are supported.
Key Formatting method (One required)
AESKWSpecifies that the key is to be formatted using AESKW and placed in an external variable length CCA token. The transport_key_identifier must be an AES EXPORTER. This rule is not valid with the DES Algorithm keyword or with AES DATA (version X'04') keys.
PKCSOAEPSpecifies to format the key according to the method in RSA DSI PKCS #1V2 OAEP. The default hash method is SHA-1. Use the SHA-256 keyword for the SHA-256 hash method.
PKCS–1.2Specifies to format the key according the method found in RSA DSI PKCS #1 block type 02 to recover the symmetric key.
PKOAEP2Specifies to format the key according to the method found in RSA DSI PKCS #1 v2.1 RSAES-OAEP documentation. Not valid with DES algorithm or with AES DATA (version X'04') keys. A hash method is required.
ZERO-PADThe clear key is right-justified in the field provided, and the field is padded to the left with zeros up to the size of the RSA encryption block (which is the modulus length).
Hash Method (One, optional for PKCSOAEP, required for PKOAEP2. Not valid with any other Key Formatting method)
SHA-1Specifies to use the SHA-1 hash method to calculate the OAEP message hash. This is the default for PKCSOAEP.
SHA-256Specifies to use the SHA-256 hash method to calculate the OAEP message hash.
SHA-384Specifies to use the SHA-384 hash method to calculate the OAEP message hash. Not valid with PKCSOAEP.
SHA-512Specifies to use the SHA-512 hash method to calculate the OAEP message hash. Not valid with PKCSOAEP.
source_key_identifier_length
Direction: InputType: Integer

The length of the source_key_identifier parameter. The minimum size is 64 bytes. The maximum size is 725 bytes.

source_key_identifier
Direction: Input/OutputType: String

The label or internal token of a secure AES DATA (version X‘04'), DES DATA, or variable-length symmetric key token to encrypt under the supplied RSA public key or AES EXPORTER key. The key in the key identifier must match the algorithm in the rule_array. DES is the default algorithm.

transporter_key_identifier_length
Direction: InputType: Integer

The length of the transporter_key_identifier parameter. The maximum size is 3500 bytes for an RSA key token or 725 for an AES EXPORTER key token. The length must be 64 if transporter_key_identifier is a label.

transporter_key_identifier
Direction: InputType: String

An RSA public key token, AES EXPORTER token, or label of the key to protect the exported symmetric key.

When the AESKW Key Formatting method is specified, this parameter must be an AES EXPORTER key token or label with the EXPORT bit on in the key-usage field. Otherwise, this parameter must be an RSA public key token or label.

enciphered_key_length
Direction: Input/OutputType: Integer

The length of the enciphered_key parameter. This is updated with the actual length of the enciphered_key generated. The maximum size you can specify in this parameter is 900 bytes, although the actual key length may be further restricted by your hardware configuration (as shown in Table 100).

enciphered_key
Direction: OutputType: String

This field contains the exported key, protected by the RSA public or AES EXPORTER key specified in the transporter_key_identifier field.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014