IBM 2 Computer Hardware User Manual


 
CCA Release 2.54 PKA_Key_Generate
Parameters
For the definitions of the return_code, reason_code, exit_data_length, and exit_data
parameters, see “Parameters Common to All Verbs” on page 1-11.
rule_array_count
The rule_array_count parameter is a pointer to an integer variable containing
the number of elements in the rule_array variable. The value must be one or
two for this verb.
rule_array
The rule_array parameter is a pointer to a string variable containing an array of
keywords. The keywords are eight bytes in length, and must be left-justified
and padded on the right with space characters. The rule_array keywords are
shown below:

Keyword    Meaning

Private-key encryption (one required)
MASTER     Enciphers the private key under the asymmetric master-key.
           The transport_key_token should specify a null key-token.
XPORT      Enciphers the private key under the IMPORTER or
           EXPORTER key-encrypting-key identified by the
           transport_key_token parameter.
CLEAR      Returns the private key in cleartext.
RETAIN     Returns the private key within the cryptographic engine and
           returns the public key in the generated_key_identifier variable.
           The name presented in the generated_key_identifier variable
           is used later to access the retained private key.

Options (optional)
CLONE      Flags as usable a retained private RSA key in a cryptographic
           engine “cloning” operation. This keyword requires the
           RETAIN keyword to also be specified.

regeneration_data_length
The regeneration_data_length parameter is a pointer to an integer variable
containing the number of bytes of data in the regeneration_data variable. This
must be a value of 0, or in the range 8 to 256, inclusive. If the value is 0, the
generated keys will be based on a random-seed value. If this value is between
8 and 256, the regeneration data will be hashed to form a seed value used in
the key generation process to provide a means for recreating a public-private
key pair.
regeneration_data
The regeneration_data parameter is a pointer to a string variable containing a
value used as the basis for creating a particular public-private key pair in a
repeatable manner. The regeneration data will be hashed to form a seed value
used in the key generation process and provides a means for recreating a
public-private key pair.
skeleton_key_token_length
The skeleton_key_token_length parameter is a pointer to an integer variable
containing the number of bytes of data in the skeleton_key_token variable. The
maximum length is 2500 bytes.
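
The following is an added example, not code from the IBM manual: a caller-side pre-flight check in C that builds the rule_array in the eight-byte, space-padded layout and enforces the keyword and length rules stated on this page. The helper names build_rule_array and lengths_ok are hypothetical, and the code does not call the verb itself.

```c
#include <string.h>

#define KW_LEN 8   /* each rule_array keyword occupies eight bytes */

/* Hypothetical helper: copy one or two keywords into out, left-justified and
 * padded on the right with spaces, enforcing the keyword rules on this page.
 * Returns the rule_array_count (1 or 2), or -1 if the combination is invalid. */
int build_rule_array(const char *const kw[], int n, char out[2 * KW_LEN])
{
    static const char *const enc[] = { "MASTER", "XPORT", "CLEAR", "RETAIN" };
    int enc_seen = 0, retain = 0, clone = 0;

    if (n < 1 || n > 2)
        return -1;                        /* count must be one or two */
    memset(out, ' ', 2 * KW_LEN);
    for (int i = 0; i < n; i++) {
        size_t len = strlen(kw[i]);
        int is_enc = 0;
        if (len == 0 || len > KW_LEN)
            return -1;
        for (size_t j = 0; j < sizeof enc / sizeof enc[0]; j++)
            if (strcmp(kw[i], enc[j]) == 0)
                is_enc = 1;
        if (is_enc) {
            enc_seen++;
            retain |= (strcmp(kw[i], "RETAIN") == 0);
        } else if (strcmp(kw[i], "CLONE") == 0) {
            clone = 1;
        } else {
            return -1;                    /* keyword not in the table */
        }
        memcpy(out + i * KW_LEN, kw[i], len);  /* no NUL terminator copied */
    }
    if (enc_seen != 1)
        return -1;                        /* exactly one encryption keyword */
    if (clone && !retain)
        return -1;                        /* CLONE requires RETAIN */
    return n;
}

/* Hypothetical helper: checks the two length parameters against the limits
 * given above (0 or 8..256 for regeneration data, at most 2500 for the token). */
int lengths_ok(long regeneration_data_length, long skeleton_key_token_length)
{
    int regen_ok = regeneration_data_length == 0 ||
        (regeneration_data_length >= 8 && regeneration_data_length <= 256);
    return regen_ok && skeleton_key_token_length >= 0 &&
           skeleton_key_token_length <= 2500;
}
```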
Chapter 3. RSA Key-Management 3-9