Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
gsk_open_keyring() z/OS Cryptographic Services System SSL Programming SC14-7495-00 |
|
Opens a SAF digital certificate key ring or z/OS® PKCS #11 token. Format
Parameters
ResultsThe function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:
UsageThe gsk_open_keyring() routine will open a key ring maintained by the System Authorization Facility (SAF) and construct a read-only key database. Only trusted certificates connected to the specified key ring are included in the key database. The GSKDB_RECFLAG_DEFAULT flag will be set if the certificate is the default certificate for the key ring or token. The user must have READ access to the IRR.DIGTCERT.LISTRING resource in the FACILITY class when using a SAF key ring owned by the user. The user must have UPDATE access to the IRR.DIGTCERT.LISTRING resource in the FACILITY class when using a SAF key ring owned by another user. Note:
Certificate private keys are not available when using a SAF key ring owned by another user, except for SITE certificates where CONTROL authority is given to IRR.DIGTCERT.GENCERT in the FACILITY class or for user certificates where READ or UPDATE authority is given to ringOwner.ringName.LST resource in the RDATALIB class. The application user ID must have READ access to resource USER.tokenname in the CRYPTOZ class in order for the certificates and their private keys, if present, to be read from a z/OS PKCS #11 token. |
Copyright IBM Corporation 1990, 2014
|