z/OS Cryptographic Services System SSL Programming


gsk_generate_key_parameters()

SC14-7495-00

Generates ASN.1 encoded key parameters.

Format

   #include <gskcms.h>

   gsk_status gsk_generate_key_parameters(
                                           x509_algorithm_type          key_algorithm,
                                           int                          key_size,
                                           gsk_buffer *                 key_params )

Parameters

key_algorithm
Specifies the key algorithm.
key_size
Specifies the key size in bits.
key_params
Specifies the key parameters as an ASN.1-encoded sequence. The application should call the gsk_free_buffer() routine to release the key parameters when they are no longer needed.

Results

The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:
[CMSERR_ALG_NOT_SUPPORTED]
The key algorithm is not supported.
[CMSERR_BAD_KEY_SIZE]
The key size is not valid.
[CMSERR_NO_MEMORY]
Insufficient storage is available.

Usage

The gsk_generate_key_parameters() routine will generate key parameters that can then be used with the gsk_generate_key_pair() routine to generate one or more public/private key pairs.

These key algorithms are supported:

  • x509_alg_idDsa - Digital Signature Standard - {1.2.840.10040.4.1}

    The key size can be between 512 and 1024 bits, which will be rounded up to a multiple of 64 bits, or precisely 2048 bits. Key sizes less than 1024 bits can only be generated in non-FIPS mode and are generated according to FIPS 186-2. Key sizes 1024 and 2048 are generated according to FIPS 186-3. The generated ASN.1 sequence will consist of the prime P, the subprime Q, and the base G. For 2048-bit key size, the size of the subprime Q will be 256. See FIPS 186-3: Digital Signature Standard (DSS) for more information about the generation of the key parameters for 1024-bit and greater key sizes. See FIPS 186-2: Digital Signature Standard (DSS) for smaller key sizes.

  • x509_alg_dhPublicNumber - Diffie-Hellman Key Exchange - {1.2.840.10046.2.1}

    The key size must be between 512 and 2048 bits if not executing in FIPS mode, and must be 2048 bits if executing in FIPS mode, and will be rounded up to a multiple of 64 bits if necessary. In non-FIPS mode, the generated ASN.1 sequence will consist of the prime P, the base G, the subprime Q, and the subgroup factor J. In FIPS mode, the generated ASN.1 sequence will consist of the prime P and the base G. See RFC 2631: Diffie-Hellman Key Agreement Method for more information about the generation of the key parameters, and RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile for more information about the ASN.1 encoding.

    Multiple Digital Signature Standard keys or Diffie-Hellman Key Exchange keys can share the same group parameters (P, Q, and G). This is useful when generating multiple keys of the same type since it is very time-consuming to compute values for P, Q, and G. In addition, the Diffie-Hellman key agreement algorithm requires both parties to use the same group parameters when computing the secret value (an SSL client will generate temporary Diffie-Hellman values if the group parameters in the client certificate are not the same as the group parameters in the server certificate).

  • x509_alg_ecPublicKey - ECDSA and ECDH Public Key - {1.2.840.10045.2.1}

    The key size must be between 0 and 521 bits. The key size value will be rounded up to the nearest supported key size, and the default EC named curve for that key size will be used, as specified in Table 2. In FIPS mode, only NIST recommended curves are supported.
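
The DSA and Diffie-Hellman size rules listed above, modelled as a local pre-check that reports the size the parameters would actually be generated at. This is an added example, not IBM code: the kp_* names are hypothetical, nothing is taken from gskcms.h, and it assumes the FIPS limits are checked against the size after rounding. EC sizes are not modelled because they depend on Table 2.

```c
/* Added example: local model of the documented DSA/DH key-size rules.
 * Every name is hypothetical; nothing here comes from gskcms.h. */
#include <stdio.h>

enum kp_alg { KP_DSA, KP_DH };   /* stand-ins for x509_alg_idDsa, x509_alg_dhPublicNumber */
#define KP_BAD_SIZE (-1)         /* the call would be expected to fail with CMSERR_BAD_KEY_SIZE */
#define KP_BAD_ALG  (-2)         /* algorithm not modelled by this example */

/* Round up to the next multiple of 64 bits. */
static int round_up_64(int bits) { return (bits + 63) / 64 * 64; }

/* Returns the size in bits the parameters would be generated at,
 * or a negative KP_* value. Assumption: FIPS limits are checked
 * against the rounded size, not the requested one. */
int kp_effective_size(enum kp_alg alg, int requested, int fips_mode)
{
    int bits;

    if (alg != KP_DSA && alg != KP_DH)
        return KP_BAD_ALG;
    if (requested < 512 || requested > 2048)
        return KP_BAD_SIZE;
    bits = round_up_64(requested);

    if (alg == KP_DSA) {
        /* 512..1024 (rounded) or precisely 2048, nothing in between. */
        if (requested > 1024 && requested != 2048)
            return KP_BAD_SIZE;
        /* Sizes below 1024 bits are non-FIPS only. */
        return (fips_mode && bits < 1024) ? KP_BAD_SIZE : bits;
    }
    /* DH: 512..2048 outside FIPS mode, 2048 only in FIPS mode. */
    return (fips_mode && bits != 2048) ? KP_BAD_SIZE : bits;
}

int main(void)
{
    /* Constructed requests: {algorithm, requested bits, FIPS mode}. */
    static const int req[][3] = {
        {KP_DSA, 1000, 1}, {KP_DSA, 768, 1}, {KP_DSA, 1536, 0},
        {KP_DH, 1000, 0},  {KP_DH, 1024, 1}, {KP_DH, 2048, 1},
    };
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("alg=%d requested=%d fips=%d -> %d\n", req[i][0], req[i][1],
               req[i][2], kp_effective_size((enum kp_alg)req[i][0], req[i][1], req[i][2]));
    return 0;
}
```

Logging the effective size next to the requested one makes silent rounding visible, for example a 1000-bit request that produces 1024-bit parameters.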





Copyright IBM Corporation 1990, 2014