z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Generating an Operational Key

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

To generate an operational key, choose one of these methods:

  • For operational keys, call the key generate callable service (CSNBKGN). Table 33 and Table 34 show the key type and key form combinations for a single key and for a key pair.
  • For operational keys, call the random number generate callable service (CSNBRNG) and specify the form parameter as RANDOM. Specify ODD parity for a random number you intend to use as a key. Then pass the generated value to the secure key import callable service (CSNBSKI) with a required key type. The required key type is now in operational form.

    This method requires a cryptographic unit to be in special secure mode. For more information about special secure mode, see Special Secure Mode.

  • For data-encrypting keys, call the random number generate callable service (CSNBRNG) and specify the form parameter as ODD. Then pass the generated value to the clear key import callable service (CSNBCKI) or the multiple clear key import callable service (CSNBCKM). The DATA key type is now in operational form.

You cannot generate a PIN verification (PINVER) key in operational form because the originator of the PIN generation (PINGEN) key generates the PINVER key in exportable form, which is sent to you to be imported.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014