Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Usage Notes z/OS Cryptographic Services ICSF Application Programmer's Guide SA22-7522-16 |
|||||||||||||||
SAF may be invoked to verify the caller is authorized to use this callable service, the key label, or internal secure key tokens that are stored in the CKDS or PKDS. An RSA modulus-exponent form token imported on the PCICC, PCIXCC, CEX2C, or CEX3C results in a X'06' format, while a token imported on a Cryptographic Coprocessor Feature will result in a X'02' format. If the modulus length is less than 512, the token will be imported on the CCF, and it will be X'02' format. This service imports keys of any modulus size up to 4096 bits. However, the hardware configuration sets the limits on the modulus size of keys for digital signatures and key management; thus, the key may be successfully imported but fail when used if the limits are exceeded. The PKA Key Import access control point controls the function of this service. If the source_key_token parameter points to a trusted block, the PKA Key Import - Import an External Trusted Block access control point must also be enabled. This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.
|
Copyright IBM Corporation 1990, 2014
|