z/OS Cryptographic Services ICSF Application Programmer's Guide


PKA Key Token Build (CSNDPKB and CSNFPKB)

SA22-7522-16

Use this callable service to build external PKA key tokens containing unenciphered private RSA, DSS, or ECC keys, or public RSA, DSS, or ECC keys. This callable service is used to create the following:

  • A skeleton_key_token for use with the PKA Key Generate callable service (see Table 227)
  • A key token with a public key that has been obtained from another source
  • A key token with a clear private-key and the associated public key
  • A key token for an RSA private key in optimized Chinese Remainder Theorem (CRT) form
  • An RSA token with the X'09' section identifier, requested with the RSAMEVAR keyword, for a variable-length key in modulus-exponent form

DSS key generation requires this information in the input skeleton token:

  • Size of modulus p in bits
  • Prime modulus p
  • Prime divisor q
  • Public generator g
  • Optionally, the private key name

Note: DSS standards define restrictions on the prime modulus p, prime divisor q, and public generator g. (Refer to the Federal Information Processing Standard (FIPS) Publication 186 for DSS standards.) This callable service does not verify all of these restrictions. If you do not follow the restrictions, the keys you generate may not be valid DSS keys.

Restriction: DSS is not supported on a PCIXCC, CEX2C, or CEX3C. PKA key token build will still build DSS tokens, but they cannot be used in any other service on the z890, z990, z9 EC, z9 BC, z10 EC and z10 BC.

ECC key generation requires this information in the skeleton token:

  • The key type: ECC
  • The type of curve: Prime or Brainpool
  • The size of P in bits: 192, 224, 256, 384 or 521 for Prime curves and 160, 192, 224, 256, 320, 384, or 521 for Brainpool curves
  • Key usage information
  • Optionally, application associated data

The callable service name for AMODE(64) invocation is CSNFPKB.

Copyright IBM Corporation 1990, 2014