Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Generating PKA Keys z/OS Cryptographic Services ICSF Administrator's Guide SA22-7521-17 |
|
If a PCICC, PCIXCC, CEX2C, or CEX3C is installed, ICSF is able to generate RSA keys using the PKA Key Generate service. On the z196 with the CEX3C, ICSF is able to generate ECC keys using the PKA Key Generate service. The RSA key format can be the Modulus Exponent form or the Chinese Remainder form. Retained keys are RSA keys generated within the secure boundary of the card and never leave the secure boundary. Only the domain that created the retained key can access it. Retained key format can be the Modulus Exponent form or the Chinese Remainder form. For more information on how to retain a generated key, see z/OS Cryptographic Services ICSF Application Programmer’s Guide. Normally the output key is randomly generated. You may find it useful in testing situations to recreate the same key values. By providing regeneration data, a seed can be supplied so that the same value of the generated key can be obtained in multiple instances. To generate the keys based on the value supplied in the regeneration_data parameter, you must enable one of these access control points:
For more information on enabling access control points, refer to z/OS Cryptographic Services ICSF TKE Workstation User’s Guide. RSA keys in the PKDS can be managed using the PKDS key management panel utilities.
For more information see Using the Utility Panels to Manage Keys in the PKDS. |
Copyright IBM Corporation 1990, 2014
|