Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Key Test (CSNBKYT and CSNEKYT) z/OS Cryptographic Services ICSF Application Programmer's Guide SA22-7522-16 |
|
Use the key test callable service to generate or verify a secure, cryptographic verification pattern for keys. The key to test can be in the clear or encrypted under the master key. Keywords in the rule_array specify whether the callable service generates or verifies a verification pattern. DES keys use the algorithm defined in DES Algorithm (single- and double-length keys) as the default algorithm (except for triple-length DATA keys). When generating a verification pattern, the service generates a random number and calculates the verification pattern. The random number and verification pattern are returned to the caller. When verifying a key, the random number and key are used to verify the verification pattern. AES keys use the SHA-256 algorithm as the default algorithm. An 8-byte verification pattern is generated for the key specified. The random number parameter is not used. The optional ENC-ZERO algorithm can be used with any key. A 4-byte verification pattern is generated. The random number parameter is not used. CSNBKYT is consistent with the Transaction Security System verb of the same name. If you generate a key on the Transaction Security System, you can verify it on ICSF and vice versa. See Key Test Extended (CSNBKYTX and CSNEKTX) to verify the value of a DES key encrypted using a KEK. The callable service name for AMODE(64) invocation is CSNEKYT. |
Copyright IBM Corporation 1990, 2014
|