Function restrictions

Retained keys are RSA private keys that are stored in a cryptographic coprocessor instead of in the public key storage data set. This change does not affect retained keys that you are currently using, that is, keys that are stored on the cryptographic coprocessor. However, the ICSF services do no allow you to store in a cryptographic coprocessor RSA keys intended for key management use. Your applications can continue to store in the cryptographic coprocessor RSA private keys intended for signature usage. The modulus length of these private keys is limited to 2048-bits.

The 2048-bit RSA keys may have an public exponent, e, in the range of ²⁰⁴⁸. 1<e<2**2048 and e must be odd. The RSA public key exponents for 2049-bit to 4096-bit RSA keys are restricted to the values 3 and 65537. The public exponent may be 5, 17, or 257 on a z13, z13s, or later server with the October 2016 or later licensed internal code.