IBM 2 Computer Hardware User Manual


 
PKA_Key_Token_Build CCA Release 2.54
PKA_Key_Token_Build (CSNDPKB)
Platform/Product    OS/2    AIX    Win NT/2000    OS/400
IBM 4758-2/23       X       X      X              X
The PKA_Key_Token_Build verb constructs a public-key architecture (PKA)
key-token from the supplied information.
This verb is used to create the following:
  - A skeleton_key_token for use with the PKA_Key_Generate verb
  - A key token with a public key that has been obtained from another source
  - A key token with a clear private-key and the associated public key.
Other than a skeleton key-token prepared for use with the PKA_Key_Generate
verb, every PKA key-token contains a public-key value. A token optionally contains
a private-key value.
See “RSA PKA Key-Tokens” on page B-6 for a description of the key token
formats. With Version 2 software, you create RSA private-key tokens for section
types:
  - X'08' using the RSA-CRT keyword to obtain a token format for a key usable
    with the Chinese-Remainder Theorem (CRT) algorithm
  - X'02' using the RSA-PRIV keyword to obtain a token format for a key in
    modulus-exponent form
  - X'04' using the RSA-PUBL keyword to obtain a token format for a public key.
You specify:
  - The token type:
      - RSA-CRT for an RSA Chinese-Remainder Theorem token
      - RSA-PRIV for an RSA modulus-exponent token
      - RSA-PUBL for an RSA public-key only token.
  - The usage limits for a private key:
      - If an RSA private-key may be allowed to import a symmetric key, and
        the key may also be used to create digital signatures, include the
        KEY-MGMT keyword in the rule array.
      - If a private key should be prevented from use in digital signature
        generation, include the KM-ONLY keyword in the rule array.
      - If an RSA private-key should be prevented from use in importing of
        DES keys, you may include the SIG-ONLY keyword in the rule array.
        This is the default.
  - A key name when:
      - You need to specify the key-label for a retained private key in a
        skeleton key-token.
      - You are providing a key name for an access-control check in certain
        systems (i.e. for IBM eServer zSeries ICSF).
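
The keyword rules above can be checked before the verb is ever called. The following C sketch is an added example, not code from the IBM manual: it validates a keyword set, reports which operations the resulting private key would be permitted, and lays the keywords out as 8-byte blank-padded elements (the general CCA rule-array convention, not stated on this page). The helper name, return codes and the rejection of usage keywords with RSA-PUBL are assumptions made for illustration; CSNDPKB itself is not called.

```c
#include <stdio.h>
#include <string.h>

#define KW_LEN 8 /* CCA rule-array elements: 8 bytes, left-justified, blank-padded */
enum { RA_OK = 0, RA_NO_TYPE = -1, RA_DUP = -2, RA_UNKNOWN = -3, RA_PUBLIC_USAGE = -4 };
struct ra_info { int section_id, can_sign, can_import_sym; };

static int is_type(const char *k) {
    return !strcmp(k, "RSA-CRT") || !strcmp(k, "RSA-PRIV") || !strcmp(k, "RSA-PUBL");
}
static int is_usage(const char *k) {
    return !strcmp(k, "KEY-MGMT") || !strcmp(k, "KM-ONLY") || !strcmp(k, "SIG-ONLY");
}

/* Hypothetical helper: validates keywords and writes n*KW_LEN bytes to out. */
int build_rule_array(const char *const kw[], int n, char *out, struct ra_info *info) {
    const char *type = NULL, *usage = NULL;
    for (int i = 0; i < n; i++) {
        if (is_type(kw[i])) {
            if (type) return RA_DUP;      /* exactly one token type */
            type = kw[i];
        } else if (is_usage(kw[i])) {
            if (usage) return RA_DUP;     /* at most one usage limit */
            usage = kw[i];
        } else {
            return RA_UNKNOWN;
        }
        memset(out + i * KW_LEN, ' ', KW_LEN);
        memcpy(out + i * KW_LEN, kw[i], strlen(kw[i]));
    }
    if (!type) return RA_NO_TYPE;
    int is_public = !strcmp(type, "RSA-PUBL");
    /* Local policy assumption: usage limits are described for private keys only. */
    if (is_public && usage) return RA_PUBLIC_USAGE;
    if (!usage) usage = "SIG-ONLY";       /* default stated on the page */
    info->section_id = !strcmp(type, "RSA-CRT") ? 0x08 : is_public ? 0x04 : 0x02;
    info->can_sign = !is_public && strcmp(usage, "KM-ONLY") != 0;
    info->can_import_sym = !is_public && strcmp(usage, "SIG-ONLY") != 0;
    return RA_OK;
}

int main(void) {
    const char *const kw[] = { "RSA-CRT", "KM-ONLY" };   /* constructed sample input */
    char ra[2 * KW_LEN];
    struct ra_info info;
    int rc = build_rule_array(kw, 2, ra, &info);
    printf("rc=%d rule_array=\"%.16s\" section=X'%02X' sign=%d import=%d\n",
           rc, ra, info.section_id, info.can_sign, info.can_import_sym);
    return 0;
}
```

A check of this kind makes a dual-use KEY-MGMT key an explicit choice in the calling code rather than something that passes unnoticed.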
3-14 IBM 4758 CCA Basic Services, Release 2.54, February 2005