z/OS Cryptographic Services ICSF Application Programmer's Guide


PKCS #11 Wrap key (CSFPWPK and CSFPWPK6)

SA22-7522-16

Use the wrap key callable service to wrap a key with another key. The following formats are supported:

  • PKCS 1.2 is supported for wrapping a DES, DES3, AES, BLOWFISH, RC4, or GENERIC secret key with an RSA public key.
    • The wrapping key must be a public key object.
    • The CKA_WRAP attribute must be true.
  • PKCS 8 formatting (CBC mode with padding) is supported for wrapping an RSA, DSA, Elliptic Curve, or Diffie-Hellman private key with a secret key.
    • The wrapping key must be a secret key object.
    • The CKA_WRAP attribute must be true.
    • The encryption mechanism must be specified in the rule array and must match the key type of the secret key object.

If the output field is too short to hold the output, the service fails and returns the required length of the output field in the wrapped_key_length parameter.
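
An added example (not from the IBM guide) of handling the short-output-field case described above: call once, and if the service fails and reports a larger required length, resize the buffer and retry. The `wrap_fn` type is a hypothetical reduced parameter list, `fake_wrap` and its return code 8 are constructed stand-ins so the code runs off z/OS, and `max_len` is an assumed caller-chosen allocation bound.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical reduced parameter list: only the fields this page discusses.
   The real callable service takes more parameters than shown here. */
typedef void (*wrap_fn)(int *return_code, int *wrapped_key_length,
                        unsigned char *wrapped_key);

/* Constructed stand-in for the service: produces a fixed 256-byte result and,
   when the field is too short, fails and hands back the required length as
   the page describes. The failure code 8 is a constructed value. */
void fake_wrap(int *return_code, int *wrapped_key_length,
               unsigned char *wrapped_key)
{
    const int needed = 256;
    if (*wrapped_key_length < needed) {
        *wrapped_key_length = needed;   /* required length reported back */
        *return_code = 8;
        return;
    }
    memset(wrapped_key, 0xA5, needed);  /* constructed output bytes */
    *wrapped_key_length = needed;
    *return_code = 0;
}

/* Call the service; if it fails and reports a larger required length, grow
   the buffer once and retry. max_len bounds the allocation so a bad length
   cannot drive an oversized request. Returns a malloc'd buffer (caller frees)
   and sets *out_len, or returns NULL on failure. */
unsigned char *wrap_with_retry(wrap_fn service, int initial_len, int max_len,
                               int *out_len)
{
    int len = initial_len, rc = -1;
    unsigned char *buf = malloc(initial_len > 0 ? (size_t)initial_len : 1);
    if (!buf) return NULL;

    service(&rc, &len, buf);
    if (rc != 0 && len > initial_len) {      /* too short: len is now needed */
        if (len > max_len) { free(buf); return NULL; }
        unsigned char *bigger = realloc(buf, (size_t)len);
        if (!bigger) { free(buf); return NULL; }
        buf = bigger;
        service(&rc, &len, buf);             /* retry with the reported size */
    }
    if (rc != 0) { free(buf); return NULL; } /* any other failure */
    *out_len = len;
    return buf;
}
```

A real caller would also inspect the reason code before retrying, so that an unrelated failure is not mistaken for a length problem.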

The callable service can be invoked in AMODE(24), AMODE(31), or AMODE(64). 64-bit callers must use CSFPWPK6.





Copyright IBM Corporation 1990, 2014