z/OS Cryptographic Services ICSF Application Programmer's Guide


Parameters

SA22-7522-16

return_code
Direction: Output | Type: Integer

The return code specifies the general result of the callable service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.

reason_code
Direction: Output | Type: Integer

The reason code specifies the result of the callable service that is returned to the application program. Each return code has different reason codes assigned to it that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.

exit_data_length
Direction: Input/Output | Type: Integer

The length of the data that is passed to the installation exit. The length can be from X'00000000' to X'7FFFFFFF' (2 gigabytes). The data is identified in the exit_data parameter.

exit_data
Direction: Input/Output | Type: String

The data that is passed to the installation exit.

rule_array_count
Direction: Input | Type: Integer

The number of keywords you supplied in the rule_array parameter. The value must be 1, 2, 3, 4, 5, 6, or 7.

rule_array
Direction: Input | Type: String

Keywords that provide control information to the callable service. Table 101 lists the keywords. The keywords must be 8 bytes of contiguous storage with the keyword left-justified in its 8-byte location and padded on the right with blanks.

Table 101. Keywords for Symmetric Key Generate Control Information

| Keyword | Description | Algorithm |
|---|---|---|
| Algorithm (one keyword, optional) | | |
| AES | The key being generated is a secure AES key. | AES |
| DES | The key being generated is a DES key. This is the default. | DES |
| Key formatting method (one keyword required) | | |
| PKA92 | Specifies the key-encrypting key is to be encrypted under a PKA96 RSA public key according to the PKA92 formatting structure. | DES |
| PKCSOAEP | Specifies using the method found in RSA DSI PKCS #1V2 OAEP. The default hash method is SHA-1. Use the SHA-256 keyword for the SHA-256 hash method. | AES or DES |
| PKCS-1.2 | Specifies the method found in RSA DSI PKCS #1 block type 02. | AES or DES |
| ZERO-PAD | The clear key is right-justified in the field provided, and the field is padded to the left with zeros up to the size of the RSA encryption block (which is the modulus length). | AES or DES |
| Key Length (optional - for use with PKA92) | | |
| SINGLE-R | For key-encrypting keys, this specifies that the left half and right half of the generated key will have identical values. This makes the key operate identically to a single-length key with the same value. Without this keyword, the left and right halves of the key-encrypting key will each be generated randomly and independently. | DES |
| Key Length (optional - for use with PKCSOAEP, PKCS-1.2, or ZERO-PAD) | | |
| SINGLE, KEYLN8 | Specifies that the generated key should be 8 bytes in length. | DES |
| DOUBLE | Specifies that the generated key should be 16 bytes in length. | DES |
| KEYLN16 | Specifies that the generated key should be 16 bytes in length. | AES or DES |
| KEYLN24 | Specifies that the generated key should be 24 bytes in length. | AES or DES |
| KEYLN32 | Specifies that the generated key should be 32 bytes in length. | AES |
| Encipherment method for the local enciphered copy of the key (optional - for use with PKCSOAEP, PKCS-1.2, or ZERO-PAD) | | |
| OP | Enciphers the key with the master key. The DES master key is used with DES keys and the AES master key is used with AES keys. | AES or DES |
| EX | Enciphers the key with the EXPORTER key that is provided through the key_encrypting_key_identifier parameter. | DES |
| IM | Enciphers the key with the IMPORTER key-encrypting key specified with the key_encrypting_key_identifier parameter. | DES |
| Key Wrapping Method (optional) | | |
| USECONFG | Specifies that the system default configuration should be used to determine the wrapping method. This is the default keyword. The system default key wrapping method can be specified using the DEFAULTWRAP parameter in the installation options data set. See the z/OS Cryptographic Services ICSF System Programmer’s Guide. | AES and DES |
| WRAP-ENH | Use enhanced key wrapping method, which is compliant with the ANSI X9.24 standard. | DES |
| WRAP-ECB | Use original key wrapping method, which uses ECB wrapping for DES key tokens and CBC wrapping for AES key tokens. | AES or DES |
| Translation Control (optional) | | |
| ENH-ONLY | Restrict rewrapping of the target_key_identifier token. Once the token has been wrapped with the enhanced method, it cannot be rewrapped using the original method. | DES |
| Hash Method (optional - only valid with PKCSOAEP) | | |
| SHA-1 | Specifies to use the SHA-1 hash method to calculate the OAEP message hash. This is the default. | AES or DES |
| SHA-256 | Specifies to use the SHA-256 hash method to calculate the OAEP message hash. | AES or DES |

key_encrypting_key_identifier
Direction: Input/Output | Type: String

The label or internal token of a key-encrypting key. If the rule_array specifies IM, this DES key must be an IMPORTER. If the rule_array specifies EX, this DES key must be an EXPORTER. Otherwise, the parameter is ignored.

RSA_public_key_identifier_length
Direction: Input | Type: Integer

The length of the RSA_public_key_identifier parameter. If the RSA_public_key_identifier parameter is a label, this parameter specifies the length of the label. The maximum size is 3500 bytes.

RSA_public_key_identifier
Direction: Input | Type: String

The token, or label, of the RSA public key to be used for protecting the generated symmetric key.

local_enciphered_key_token_length (was DES_enciphered_key_token_length)
Direction: Input/Output | Type: Integer

The length in bytes of the local_enciphered_key_token. This field is updated with the actual length of the token that is generated. The minimum length is 64 bytes and the maximum length is 128 bytes.

local_enciphered_key_token (was DES_enciphered_key_token)
Direction: Input/Output | Type: String

This parameter contains the generated DATA key in the form of an internal or external token, depending on rule_array specification. If you specify PKA92, on input specify an internal (operational) key token of an Importer or Exporter Key.

RSA_enciphered_key_length
Direction: Input/Output | Type: Integer

The length of the RSA_enciphered_key parameter. This service updates this field with the actual length of the RSA_enciphered_key it generates. The maximum size is 512 bytes.

RSA_enciphered_key
Direction: Input/Output | Type: String

This field contains the RSA enciphered key, which is protected by the public key specified in the RSA_public_key_identifier field.
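
Added example (not IBM code): a C helper that lays out rule_array as described for the rule_array parameter above (8 bytes per keyword, left-justified, blank-padded, no terminator) and rejects keyword combinations that Table 101 rules out before the service is called. The name build_rule_array, the group ids and the negative return codes are this example's own, and the checks cover only what Table 101 states; the service may enforce more.

```c
#include <string.h>

/* Keyword groups of Table 101; ids and return codes are this example's own. */
enum { G_ALG, G_FMT, G_LEN92, G_LEN, G_ENC, G_WRAP, G_XLAT, G_HASH, G_COUNT };
enum { A = 1, D = 2 };                    /* Algorithm column: AES, DES */

static const struct { const char *kw; int grp, alg; } KW[] = {
    {"AES", G_ALG, A}, {"DES", G_ALG, D},
    {"PKA92", G_FMT, D}, {"PKCSOAEP", G_FMT, A|D},
    {"PKCS-1.2", G_FMT, A|D}, {"ZERO-PAD", G_FMT, A|D},
    {"SINGLE-R", G_LEN92, D},
    {"SINGLE", G_LEN, D}, {"KEYLN8", G_LEN, D}, {"DOUBLE", G_LEN, D},
    {"KEYLN16", G_LEN, A|D}, {"KEYLN24", G_LEN, A|D}, {"KEYLN32", G_LEN, A},
    {"OP", G_ENC, A|D}, {"EX", G_ENC, D}, {"IM", G_ENC, D},
    {"USECONFG", G_WRAP, A|D}, {"WRAP-ENH", G_WRAP, D}, {"WRAP-ECB", G_WRAP, A|D},
    {"ENH-ONLY", G_XLAT, D},
    {"SHA-1", G_HASH, A|D}, {"SHA-256", G_HASH, A|D},
};

/* Fills out (7 * 8 bytes) with 8-byte, blank-padded keywords and returns
 * rule_array_count, or a negative code if the list breaks Table 101. */
int build_rule_array(const char *const *kws, int n, char *out)
{
    const char *seen[G_COUNT] = {0};
    int allowed = A | D;
    if (n < 1 || n > 7) return -1;                /* count must be 1..7 */
    for (int i = 0; i < n; i++) {
        size_t k, nk = sizeof KW / sizeof KW[0];
        for (k = 0; k < nk && strcmp(kws[i], KW[k].kw) != 0; k++) ;
        if (k == nk) return -2;                   /* not a Table 101 keyword */
        if (seen[KW[k].grp]) return -3;           /* one keyword per group */
        seen[KW[k].grp] = KW[k].kw;
        allowed &= KW[k].alg;                     /* narrow to common algorithms */
        memset(out + 8 * i, ' ', 8);              /* pad right with blanks */
        memcpy(out + 8 * i, kws[i], strlen(kws[i])); /* left-justify */
    }
    if (!seen[G_ALG]) allowed &= D;               /* DES is the default */
    if (!allowed) return -4;                      /* keyword not valid for algorithm */
    if (!seen[G_FMT]) return -5;                  /* formatting keyword required */
    int pka92 = strcmp(seen[G_FMT], "PKA92") == 0;
    if (seen[G_LEN92] && !pka92) return -6;       /* SINGLE-R is for PKA92 */
    if ((seen[G_LEN] || seen[G_ENC]) && pka92) return -6; /* not for PKA92 */
    if (seen[G_HASH] && strcmp(seen[G_FMT], "PKCSOAEP") != 0) return -7;
    return n;
}
```

A non-negative return value is the rule_array_count to pass with the filled buffer; code -4 catches mixes such as KEYLN32 without the AES keyword, which would otherwise fall back to the DES default.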





Copyright IBM Corporation 1990, 2014