IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
Chapter 3. RSA Key-Management
This chapter describes the management of RSA public and private keys and how
you can:
- Generate keys with various characteristics
- Import keys from other systems
- Protect and move a private key from one node to another.
The verbs listed in Figure 3-1 are used to perform cryptographic functions and
assist you in obtaining key-token data structures.
Figure 3-1. Public-Key Key-Administration Services
| Verb | Page | Service | Entry Point | Svc Lcn |
|---|---|---|---|---|
| PKA_Key_Generate | 3-7 | Generates a public-private key-pair. | CSNDPKG | E |
| PKA_Key_Import | 3-11 | Imports a public-private key-pair. | CSNDPKI | E |
| PKA_Key_Token_Build | 3-14 | Builds a public-key-architecture (PKA) key-token. | CSNDPKB | S |
| PKA_Key_Token_Change | 3-22 | Reenciphers a private key from the old asymmetric master-key to the current asymmetric master-key. | CSNDKTC | E |
| PKA_Public_Key_Extract | 3-24 | Extracts a public key from a public-private public-key token. | CSNDPKX | S |
| PKA_Public_Key_Hash_Register | 3-26 | Registers the hash of a public key used later to verify an offered public key. See PKA_Public_Key_Register. | CSNDPKH | E |
| PKA_Public_Key_Register | 3-28 | Registers a public key used later to verify an offered public-key. Registration requires that a hash of the public key has previously been registered within the Coprocessor. See PKA_Public_Key_Hash_Register. | CSNDPKR | E |

Service location (Svc Lcn): E=Cryptographic Engine, S=Security API software
RSA Key-Management
This implementation of CCA supports a set of public-key cryptographic services that
are collectively designated PKA96. The PKA96 services support the RSA
public-key algorithm and related hashing methods including MD5 and SHA-1.
Figure 3-2 on page 3-2 shows the relationship among the services, the
public-private key-token, and other data involved with supporting digital signatures
and symmetric (DES) key exchange.
These topics are discussed in this section:
- How to generate a public-private key pair
- How to import keys from other systems
- How to update a private key when the asymmetric master-key that protects a private key is changed
- How to use the keys and provide for private-key protection
- How to use a private key at multiple nodes
- How to register and retain a public key.
Copyright IBM Corp. 1997, 2005 3-1