Certificate Management APIs
Table 1 lists the updates to the System SSL application interface for SSL/TLS APIs.
API | Release | Description | Reason for change |
---|---|---|---|
gsk_construct_certificate() | z/OS V2R1 | Changed: Added support for generating signed DSA certificates with key size of 2048-bits and signed certificates with DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_construct_certificate() | z/OS V1R13 | Changed: Added support for generating signed ECDSA certificates. | ECDSA certificate support |
gsk_construct_renewal_certificate() | z/OS V2R1 | Changed: Added support for generating certificate requests with DSA key size of 2048-bits and certificate requests that are signed with DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_construct_self_signed_certificate() | z/OS V2R1 | Changed: Added support for generating self-signed DSA certificates with key size of 2048-bits and DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_construct_self_signed_certificate() | z/OS V1R13 | Changed: Added support for generating self-signed ECDSA certificates. | ECDSA certificate support |
gsk_construct_signed_certificate() | z/OS V2R1 | Changed: Added support for signing certificate requests using DSA 2048-bit keys and DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_create_certification_request() | z/OS V2R1 | Changed: Added support for generating certificate requests with DSA key size of 2048-bits and certificate requests that are signed with DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_create_certification_request() | z/OS V1R13 | Changed: Added support for generating ECDSA certificate requests. | ECDSA certificate support |
gsk_create_database_renewal_request() | z/OS V2R1 | Changed: Added support for generating certificate renewal requests with DSA key size of 2048-bits and certificate requests that are signed with DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_create_database_signed_certificate() | z/OS V2R1 | Changed: Added support for signing certificate requests using DSA 2048-bit keys and certificate requests that are signed with DSA SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_create_database_signed_certificate() | z/OS V1R13 | Changed: Added support for creating a signed ECDSA certificate. | ECDSA certificate support |
gsk_create_renewal_request() | z/OS V2R1 | Changed: Added support for generating certificate requests with DSA key size of 2048-bits and certificate requests that are signed with DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_create_revocation_source() | z/OS V2R2 | New: Create an OCSP, HTTP CRL, or an extended LDAP CRL revocation source. | Certificate revocation enhancement |
gsk_create_self_signed_certificate() | z/OS V2R1 | Changed: Added support for generating self-signed DSA certificates with key size of 2048-bits and DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_create_self_signed_certificate() | z/OS V1R13 | Changed: Added support for generating self-signed ECDSA certificates. | ECDSA certificate support |
gsk_create_signed_certificate_record() | z/OS V2R1 | Changed: Added support for generating signed DSA certificates with key size of 2048-bits and DSA certificates with DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_create_signed_certificate_set() | z/OS V2R1 | Changed: Added support for generating signed DSA certificates with key size of 2048-bits and signed certificates with DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_create_signed_certificate_set() | z/OS V1R13 | Changed: Added support for generating signed ECDSA certificates. | ECDSA certificate support |
gsk_create_signed_crl_record() | z/OS V2R1 | Changed: Added support for generating a signed CRL using DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_decode_certificate_extension() | z/OS V2R2 | Changed: Added support for ocspNoCheck extension. | Certificate revocation enhancement |
gsk_decode_certificate_extension() | z/OS V2R1 | Changed: Added support for decoding HostIDMapping extension. | Enhanced x.509 certificate support |
gsk_decode_issuer_and_serial_number() | z/OS V2R2 | New: Decodes a PKCS #7 IssuerAndSerialNumber. | PKCS #7 support |
gsk_decode_signer_identifier() | z/OS V2R2 | New: Decodes a PKCS #7 signer identifier. | PKCS #7 support |
gsk_encode_certificate_extension() | z/OS V2R2 | Changed: Added support for ocspNoCheck extension. | Certificate revocation enhancement |
gsk_encode_certificate_extension() | z/OS V2R1 | Changed: Added support for encoding HostIDMapping extension. | Enhanced x.509 certificate support |
gsk_encode_ec_parameters() | z/OS V1R13 | New: Encodes the EC domain parameters for an ECC key. | ECDSA certificate support |
gsk_encode_export_key() | z/OS V2R1 | Changed: Added support for exporting RSA and ECDSA certificates with their private keys when the private keys are stored as extractable secure private keys in the TKDS. | Support for secure private keys in a PKCS #11 token |
gsk_encode_issuer_and_serial_number() | z/OS V2R2 | New: Encodes a PKCS #7 IssuerAndSerialNumber. | PKCS #7 support |
gsk_encode_signer_identifier() | z/OS V2R2 | New: Encodes a PKCS #7 SignerIdentifier from a signer certificate. | PKCS #7 support |
gsk_export_key() | z/OS V2R1 | Changed: Added support for exporting RSA and ECDSA certificates with their private keys when the private keys are stored as extractable secure private keys in the TKDS. | Support for secure private keys in a PKCS #11 token |
gsk_free_issuer_and_serial_number() | z/OS V2R2 | New: Releases storage allocated for PKCS #7 issuer and serial number information. | PKCS #7 support |
gsk_free_oid() | z/OS V2R2 | New: Releases storage allocated for OID information. | PKCS #7 support |
gsk_free_revocation_source() | z/OS V2R2 | New: Frees the revocation source initialized and allocated by gsk_create_revocation_source(). | Certificate revocation enhancement |
gsk_free_signer_identifier() | z/OS V2R2 | New: Releases storage allocated for PKCS #7 signer identifier information. | PKCS #7 support |
gsk_generate_key_pair() | z/OS V2R1 | Changed: Added support for generation of DSA 2048-bit key pairs. | Enhanced DSA support |
gsk_generate_key_pair() | z/OS V1R13 | Changed: Added support for generating ECC key pairs. | Base elliptic curve support |
gsk_generate_key_parameters() | z/OS V1R13 | Changed: Added support for generating ECC key parameters. | Base elliptic curve support |
gsk_get_cms_vector() | z/OS V2R2 | Changed: Added GSKCMS_API_LVL10. | Certificate revocation enhancement |
gsk_get_cms_vector() | z/OS V2R1 | Changed: Added GSKCMS_API_LVL9. | Release update |
gsk_get_cms_vector() | z/OS V1R13 | Changed: Added GSKCMS_API_LVL8. | Release update |
gsk_get_content_type_and_cms_version() | z/OS V2R2 | New: Extracts the PKCS #7 content_info_type, content_info_oid, and cms_version from the pkcs_content_info structure. | PKCS #7 support |
gsk_get_directory_certificates() | z/OS V2R2 | Changed: Added support for timely revocation checking and revocation flexibility. | Certificate revocation enhancement |
gsk_get_directory_crls() | z/OS V2R2 | Changed: Added support for timely revocation checking and revocation flexibility. | Certificate revocation enhancement |
gsk_get_directory_enum() | z/OS V2R2 | Changed: Added support for timely revocation checking and revocation flexibility. | Certificate revocation enhancement |
gsk_get_directory_numeric_value() | z/OS V2R2 | New: Gets an integer value from an LDAP directory. | Certificate revocation enhancement |
gsk_make_enveloped_data_content() | z/OS V2R2 | Changed: Updated the version parameter. | PKCS #7 support |
gsk_make_enveloped_data_content() | z/OS V2R1 | Changed: Added support for encrypting the message content using AES CBC (128-bit and 256-bit). | Enhanced PKCS#7 support |
gsk_make_enveloped_data_content_ | z/OS V2R2 | Changed: Updated the version parameter. | PKCS #7 support |
gsk_make_enveloped_data_content_ | z/OS V2R1 | Changed: Added support for encrypting the message content using AES CBC (128-bit and 256-bit). | Enhanced PKCS#7 support |
gsk_make_enveloped_data_msg() | z/OS V2R2 | Changed: Updated the version parameter. | PKCS #7 support |
gsk_make_enveloped_data_msg() | z/OS V2R1 | Changed: Added support for encrypting the message content using AES CBC (128-bit and 256-bit). | Enhanced PKCS#7 support |
gsk_make_enveloped_data_msg_ | z/OS V2R2 | Changed: Updated the version parameter. | PKCS #7 support |
gsk_make_enveloped_data_msg_ | z/OS V2R1 | Changed: Added support for encrypting the message content using AES CBC (128-bit and 256-bit). | Enhanced PKCS#7 support |
gsk_make_enveloped_private_key_msg() | z/OS V2R1 | New: Create a PKCS#7 EnvelopedData message containing an RSA or ECDSA private key. Private key is a secure key stored in a PKCS #11 token. | Enhanced PKCS#7 support |
gsk_make_signed_data_content() | z/OS V2R2 | Changed: Updated the version parameter. | PKCS #7 support |
gsk_make_signed_data_content() | z/OS V2R1 | Changed: Added support for signing using digital signatures DSA with SHA-224 and SHA-256. | Enhanced DSA support |
gsk_make_signed_data_content_ | z/OS V2R2 | Changed: Updated the version parameter. | PKCS #7 support |
gsk_make_signed_data_content_ | z/OS V2R1 | Changed: Added support for signing using digital signatures DSA with SHA-224 and SHA-256. | Enhanced DSA support |
gsk_make_signed_data_msg() | z/OS V2R2 | Changed: Updated the version parameter. | PKCS #7 support |
gsk_make_signed_data_msg() | z/OS V2R1 | Changed: Added support for signing using digital signatures DSA with SHA-224 and SHA-256. | Enhanced DSA support |
gsk_make_signed_data_msg_ | z/OS V2R2 | Changed: Updated the version parameter. | PKCS #7 support |
gsk_make_signed_data_msg_ | z/OS V2R1 | Changed: Added support for signing using digital signatures DSA with SHA-224 and SHA-256. | Enhanced DSA support |
gsk_modify_pkcs11_key_label() | z/OS V2R1 | New: Returns a gsk_buffer containing a TKDS key token label with either an "=" added or removed from the first position. | Support for secure private keys in a PKCS #11 token |
gsk_open_directory() | z/OS V2R2 | Changed: Added support for timely revocation checking and revocation flexibility. | Certificate revocation enhancement |
gsk_perform_kat() | z/OS V2R2 | Changed: Enhanced to run TLS V1.0, TLS V1.1, and TLS V1.2 key derivation function known answer tests. | FIPS 140-2 support |
gsk_perform_kat() | z/OS V1R13 | Changed: Enhanced to run HMAC-SHA-256 and HMAC-SHA-384 known answer tests. | FIPS 140-2 support |
gsk_query_crypto_level() | z/OS V2R1 | Changed: Updated SSL run time level. | Release update |
gsk_query_crypto_level() | z/OS V1R13 | Changed: Updated SSL run time level. | Release update |
gsk_read_enveloped_data_content() | z/OS V2R1 | Changed: Added support for decrypting the message content using AES CBC (128-bit and 256-bit). | Enhanced PKCS#7 support |
gsk_read_enveloped_data_content_ | z/OS V2R1 | Changed: Added support for decrypting the message content using AES CBC (128-bit and 256-bit). | Enhanced PKCS#7 support |
gsk_read_enveloped_data_msg() | z/OS V2R1 | Changed: Added support for decrypting the message content using AES CBC (128-bit and 256-bit). | Enhanced PKCS#7 support |
gsk_read_enveloped_data_msg_ | z/OS V2R1 | Changed: Added support for decrypting the message content using AES CBC (128-bit and 256-bit). | Enhanced PKCS#7 support |
gsk_read_signed_data_content() | z/OS V2R1 | Changed: Added support for verifying DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_read_signed_data_content_ | z/OS V2R1 | Changed: Added support for verifying DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_read_signed_data_msg() | z/OS V2R1 | Changed: Added support for verifying DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_read_signed_data_msg_ | z/OS V2R1 | Changed: Added support for verifying DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_set_directory_enum() | z/OS V2R2 | Changed: Added support for timely revocation checking and revocation flexibility. | Certificate revocation enhancement |
gsk_set_directory_numeric_value() | z/OS V2R2 | New: Sets an integer value for an LDAP directory. | Certificate revocation enhancement |
gsk_sign_certificate() | z/OS V2R1 | Changed: Added support for verifying DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_sign_crl() | z/OS V2R1 | Changed: Added support for verifying DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_sign_data() | z/OS V2R1 | Changed: Added support for verifying DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_validate_certificate() | z/OS V2R2 | Changed: Added support for timely revocation checking and revocation flexibility. | Certificate revocation enhancement |
gsk_validate_certificate() | z/OS V1R13 | Changed: Added support for gskdb_source_crl_callback. | Enhanced certificate support |
gsk_validate_certificate_mode() | z/OS V2R2 | Changed: Added support for timely revocation checking and revocation flexibility. | Certificate revocation enhancement |
gsk_validate_certificate_mode() | z/OS V2R1 | Changed: Added support for validating certificates and certificate chain according to RFC 5280. | Enhanced x.509 certificate support |
gsk_validate_certificate_mode() | z/OS V1R13 | Changed: Added support for gskdb_source_crl_callback. | Enhanced certificate support |
gsk_validate_extended_key_usage() | z/OS V2R2 | New: Validate a certificate's extended key usage extension against the supplied extended key usage list. | PKCS #7 support |
gsk_verify_certificate_signature() | z/OS V2R1 | Changed: Added support for verifying DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_verify_crl_signature() | z/OS V2R1 | Changed: Added support for verifying DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |
gsk_verify_data_signature() | z/OS V2R1 | Changed: Added support for verifying DSA with SHA-224 or SHA-256 digital signatures. | Enhanced DSA support |