Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
IRRD125I z/OS Security Server RACF Messages and Codes SA23-2291-00 |
|
IRRD125I The key size that was specified or defaulted is not acceptable.
The request is not processed. ExplanationThe RSA or DSA key size is not acceptable. The maximum key size is determined by United States export restrictions or internal system limits based on the key type. The minimum DSA key is 512 bits. The minimum size of a clear RSA key, a secure RSA key in the PKDS (public key data set), or a DSA key is 512 bits. The minimum size of a secure RSA key in the TKDS (token key data set) is 1024 bits and it must also be a multiple of 256 bits. Generation of a certificate with a clear RSA key with a key size greater than 1024 requires that the CP Assist for Cryptographic Functions (CPACF) (feature code 3863) is enabled and the TDES function is available. System actionRACDCERT does not process the request. User responseReissue the command with a smaller key size. For more information, see ../com.ibm.zos.v2r1.icha400/ich2a410.htm. If you specified a key size greater than 1024 for a clear RSA key, ensure that the CP Assist for Cryptographic Functions (CPACF) (feature code 3863) is enabled and the TDES function is available. If you specified a key size for a secure RSA key on the TKDS, ensure that the size is at least 1024 bits and is a multiple of 256. |
Copyright IBM Corporation 1990, 2014
|