CCA Release 2.54 PKA_Key_Generate
PKA_Key_Generate (CSNDPKG)
Platform/Product    OS/2    AIX    Win NT/2000    OS/400
IBM 4758-2/23       X       X      X              X
The PKA_Key_Generate verb is used to generate a public-private key-pair for use
with the RSA algorithm.
The skeleton_key_token specified to the verb determines the following
characteristics of the generated key-pair:
- The key type: RSA
- The key length (modulus size)
- The RSA public-key exponent, valued to 3, 2^16+1, or random
- Any RSA private-key optimization (modulus-exponent versus “Chinese Remainder” form)
- Any signatures and signature-information that should be associated with the public key.
The skeleton_key_token can be created using the PKA_Key_Token_Build verb.
See page 3-14.
Normally the output key is randomly generated. You may find it useful in testing
situations to recreate the same key values. By providing “regeneration data,” a
seed can be supplied so that the same value of the generated key can be obtained
in multiple instances. Beginning with Release 2.53, you must enable the use of
regeneration data with an additional command. See Required Commands for this
verb. Of course you should not use regeneration data in production environments.
The process for generating a particular key pair from regeneration data may vary
between product implementations. Therefore, you should not rely on obtaining the
same key-pair for a given regeneration-data string between products.
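The skeleton-token characteristics listed above (modulus size, public exponent such as 3 or 2^16+1, and “Chinese Remainder” versus modulus-exponent private-key form) together with the regeneration-data behaviour, shown as an added Python illustration that is not IBM's CSNDPKG code: deriving the generator seed from the regeneration data with SHA-256 is an assumption made for this example, the caller supplies the exponent, and the key sizes used for testing are far too small for real use.

```python
import hashlib, math, random

def seeded_rng(regeneration_data):
    """Deterministic RNG from regeneration data; None means fresh system randomness."""
    if regeneration_data is None:
        return random.SystemRandom()
    # Stand-in seeding (assumption): real products derive the seed their own way.
    return random.Random(int.from_bytes(hashlib.sha256(regeneration_data).digest(), "big"))

def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin test; witness bases come from the supplied RNG."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits, e, rng):  # prime of exactly `bits` bits with gcd(p-1, e) == 1
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if math.gcd(p - 1, e) == 1 and is_probable_prime(p, rng):
            return p

def generate_rsa_keypair(modulus_bits, public_exponent=65537, crt_form=True, regeneration_data=None):
    """Return (public, private); private is in CRT or modulus-exponent form."""
    rng = seeded_rng(regeneration_data)
    half = modulus_bits // 2
    while True:
        p = gen_prime(half, public_exponent, rng)
        q = gen_prime(modulus_bits - half, public_exponent, rng)
        if p != q and (p * q).bit_length() == modulus_bits:
            break
    d = pow(public_exponent, -1, (p - 1) * (q - 1))  # private exponent
    public = {"n": p * q, "e": public_exponent}
    if crt_form:  # "Chinese Remainder" form: p, q, dP, dQ, qInv
        private = {"p": p, "q": q, "dP": d % (p - 1), "dQ": d % (q - 1), "qInv": pow(q, -1, p)}
    else:         # modulus-exponent form: n, d
        private = {"n": p * q, "d": d}
    return public, private
```

Calling the function twice with the same regeneration data returns the same key-pair, which is exactly why the page warns against using regeneration data outside of testing.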
The generated private-key can be returned in one of three forms:
- In cleartext form
- Enciphered by the CCA asymmetric master-key
- Enciphered by a transport key, either a DES IMPORTER or DES EXPORTER
  key-encrypting-key. If the private key is enciphered by an IMPORTER key, it
  can be imported to the generating node. If the private key is enciphered by an
  EXPORTER key, it can be imported to a node where the corresponding
  IMPORTER key is installed.
Using the RETAIN rule-array keyword, you can cause the private key to be retained
within the Coprocessor. You incorporate the key label by which you will later
reference the newly generated key in the “key name” section of the skeleton
key-token. (Later, you use this label to employ the key in verbs such as
Digital_Signature_Generate, PKA_Symmetric_Key_Import, Master_Key_Distribution,
SET_Block_Decompose, and PKA_Decrypt.) On output, the verb returns an
external key-token containing the public key in the generated_key_identifier
variable. The generated_key_identifier variable returned from the verb will not
contain the private key.
Chapter 3. RSA Key-Management 3-7