z/OS Cryptographic Services ICSF Administrator's Guide


Appendix E. Callable services affected by key store policy

SA22-7521-17

This table provides application programmers guidance on parameters covered by the key store policy controls.

Only the names of the 31-bit versions of the callable services are listed. However, 64-bit versions of the callable services and the ALET qualified versions of the services are also covered by the key store policy. The callable services that are affected by the TOKEN_CHECK key store policy controls are in the table below.

Table 31. Callable services and parameters affected by key store policy
| ICSF callable service | 31-bit name | Parameter checked |
|---|---|---|
| ANSI X9.17 key export | CSNAKEX | source_data_key_1_identifier, source_data_key_2_identifier, source_key_encrypting_key_identifier, transport_key_identifier |
| ANSI X9.17 key import | CSNAKIM | transport_key_identifier |
| ANSI X9.17 key translate | CSNAKTR | inbound_transport_key_identifier, outbound_transport_key_identifier |
| ANSI X9.17 transport key | CSNATKN | source_transport_key_identifier |
| Cipher text translate | CSNBCTT | key_identifier_in, key_identifier_out |
| Clear PIN encrypt | CSNBCPE | PIN_encrypting_key_identifier |
| Clear PIN generate alternate | CSNBCPA | PIN_encryption_key_identifier, PIN_generation_key_identifier |
| Clear PIN generate | CSNBPGN | PIN_generation_key_identifier |
| Control vector translate | CSNBCVT | KEK_key_identifier, source_key_token, array_key_left, array_key_right |
| CVV key combine | CSNBCKC | key_a_identifier, key_b_identifier |
| Cryptographic variable encipher | CSNBCVE | c_variable_encrypting_key_identifier |
| Data key export | CSNBDKX | source_key_identifier, exporter_key_identifier |
| Data key import | CSNBDKM | source_key_token, importer_key_identifier |
| Decipher | CSNBDEC | key_identifier |
| Digital signature generate | CSNDDSG | PKA_private_key_identifier |
| Digital signature verify | CSNDDSV | PKA_public_key_identifier |
| Diversified key generate | CSNBDKG | generating_key_identifier, generated_key_identifier |
| ECC Diffie-Hellman | CSNDEDH | private_key_identifier, private_KEK_key_identifier, public_key_identifier, output_KEK_key_identifier |
| Encipher | CSNBENC | key_identifier |
| Encrypted PIN generate | CSNBEPG | PIN_generating_key_identifier, outbound_PIN_encrypting_key_identifier |
| Encrypted PIN translate | CSNBPTR | input_PIN_encrypting_key_identifier, output_PIN_encrypting_key_identifier |
| Encrypted PIN verify | CSNBPVR | input_PIN_encrypting_key_identifier, PIN_verifying_key_identifier |
| HMAC generate | CSNBHMG | key_identifier |
| HMAC verify | CSNBHMV | key_identifier |
| Key export | CSNBKEX | source_key_identifier, exporter_key_identifier |
| Key generate | CSNBKGN | KEK_key_identifier_1, KEK_key_identifier_2 |
| Key import | CSNBKIM | source_key_token, importer_key_identifier |
| Key test | CSNBKYT | key_identifier |
| Key test2 | CSNBKYT2 | key_identifier |
| Key test extended | CSNBYTX | key_identifier, kek_key_identifier |
| Key translate | CSNBKTR | input_KEK_key_identifier, output_KEK_key_identifier |
| Key translate2 | CSNBKTR2 | input_key_token, input_KEK_identifier, output_KEK_identifier |
| MAC generate | CSNBMGN | key_identifier |
| MAC verify | CSNBMGN | key_identifier |
| Multiple secure key import | CSNBSKM | key_encrypting_key_identifier |
| PIN Change/Unblock | CSNBPCU | authentication_issuer_master_key_identifier, encryption_issuer_master_key_identifier, new_reference_PIN_key_identifier, current_reference_PIN_key_identifier |
| PKA decrypt | CSNDPKD | PKA_key_identifier |
| PKA encrypt | CSNDPKE | PKA_key_identifier |
| PKA key generate | CSNDPKG | transport_key_identifier |
| PKA key import | CSNDPKI | importer_key_identifier |
| PKA key translate | CSNDPKT | source_key_identifier, source_transport_key_identifier, target_transport_key_identifier |
| PKA key token change | CSNDPKTC | key_identifier |
| PKA public key extract | CSNDPKX | source_key_identifier, target_public_key_token |
| Prohibit export | CSNBPEX | key_identifier |
| Prohibit export extended | CSNBPEXX | source_key_token, kek_key_identifier |
| Remote key export | CSNDRKX | trusted_block_identifier, transport_key_identifier, importer_key_identifier, source_key_identifier |
| Restrict key attribute | CSNBRKA | key_identifier |
| Secure key import | CSNBSKI | importer_key_identifier, key_identifier |
| Secure messaging for keys | CSNBSKY | input_key_identifier, key_encrypting_key_identifier, secmsg_key_identifier |
| Secure messaging for PINs | CSNBSPN | PIN_encrypting_key_identifier, secmsg_key_identifier |
| SET block compose | CSNDSBC | RSA_public_key_identifier, DES_key_block, RSA_OAEP_block |
| SET block decompose | CSNDSBD | RSA_private_key_identifier, DES_key_block (one or two tokens) |
| Symmetric algorithm decipher | CSNBSAD | key_identifier |
| Symmetric algorithm encipher | CSNBSAE | key_identifier |
| Symmetric key decipher | CSNBSYD | key_identifier |
| Symmetric algorithm encipher | CSNBSYE | key_identifier |
| Symmetric key export | CSNDSYX | DATA_key_identifier, RSA_public_key_identifier |
| Symmetric key generate | CSFSYG | key_encrypting_key_identifier, RSA_public_key_identifier, DES_enciphered_key_token |
| Symmetric key import | CSNDSYI | RSA_enciphered_key, RSA_private_key_identifier |
| Symmetric key import2 | CSNDSYI2 | RSA_private_key_identifier |
| Transaction validation | CSNBTRV | transaction_key_identifier |
| Transform CDMF key | CSNBTCK | source_key_identifier, kek_key_identifier |
| Trusted block create | CSNDTBC | input_block_identifier, transport_key_identifier |
| TR-31 Export | CSNBT31X | source_key_identifier, unwrap_kek_identifier, wrap_kek_identifier |
| TR-31 Import | CSNBT31I | unwrap_kek_identifier, wrap_kek_identifier |
| User derived key | CSFUDK | derivation_key_identifier, source_key_identifier |
| VISA CVV service generate | CSNBCSG | CVV_key_A_Identifier, CVV_key_B_Identifier |
| VISA CVV service verify | CSNBCSV | CVV_key_A_Identifier, CVV_key_B_Identifier |

The callable services that are affected by the no duplicates key store policy controls are listed in the table below.

Table 32. Callable services that are affected by the no duplicates key store policy controls
| ICSF callable service | 31-bit name | Parameter checked |
|---|---|---|
| Key part import | CSNBKPI | key_identifier |
| Key record write | CSNBKRW | key_token |
| PKA Key Generate | CSNDPKG/CSNFPKG | generated_key_token |
| PKA Key Import | CSNDPKI/CSNFPKI | source_key_identifier |
| PKDS record create | CSNDKRC/CSNFKRC | token |
| PKDS record read | CSNDKRR | token |
| PKDS record write | CSNDKRW | key_token |
| Trusted Block Create | CSNDTBC | input_block_identifier |





Copyright IBM Corporation 1990, 2014