IBM 2 Computer Hardware User Manual


 
Key_Generate CCA Release 2.54
Key_Generate (CSNBKGN)
Platform/Product    OS/2   AIX   Win NT/2000   OS/400
IBM 4758-2/23       X      X     X             X

The Key_Generate verb generates a random DES key and returns one or two
enciphered copies of the key, ready to use or distribute.

A control vector associated with each copy of the key defines the type of key and
any specific restrictions on the use of the key. Only certain combinations of key
types are permitted when you request two copies of a key. Specify the type of key
through a key type keyword, or by providing a key token or tokens with a control
vector into which the verb can place the keys. If you specify TOKEN as a
key-type, the verb uses the preexisting control-vector from the key token. Use of
the TOKEN keyword allows you to associate other than default control vectors with
the generated keys. Use of the TOKEN keyword is the preferred coding style.

Based on the key_form variable, the verb encrypts a copy or copies of the
generated key under one or two of the following:
  - The master key
  - An IMPORTER key-encrypting-key
  - An EXPORTER key-encrypting-key.

Request two copies of a key when you intend to distribute the key to more than
one node, or when you want a copy for immediate local use and the other copy
available for later local import.

Specify the key length of the generated key. A DES key can be either single or
double length. Certain types of CCA keys must be double length, for example,
EXPORTER and IMPORTER key-encrypting-keys. In certain cases, you need such
a key to perform as a single-length key. In these cases, specify SINGLE-R, “single
replicated.” A double-length key with equal halves performs as though the key were
a single-length key.

Specify where the generated key copies should be returned, either to application
storage or to key storage. In either case, a null key-token can be overwritten by a
default key-token taken from your specification of key-type. If you provide an
existing key-token, the verb replaces the key value in the token.
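
The SINGLE-R behavior described above, as an added example that is not IBM's code: with a double-length key used in encrypt-decrypt-encrypt order, equal halves cancel the middle step, so the key gives only single-length strength. A toy Feistel cipher stands in for DES (an assumption; the collapse holds for any block cipher), and all key values are constructed samples.

```python
import hashlib

def effective(key: bytes) -> bytes:
    """DES ignores the low-order (parity) bit of each key byte; drop it."""
    return bytes(b & 0xFE for b in key)

def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    # Round function of the stand-in cipher (assumption: this is NOT DES).
    return hashlib.sha256(effective(key) + bytes([rnd]) + half).digest()[:4]

def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in rounds:
        left, right = right, bytes(a ^ b for a, b in zip(left, _f(right, key, rnd)))
    return right + left

def toy_encrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(8))

def toy_decrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, reversed(range(8)))

def ede_encrypt(key16: bytes, block: bytes) -> bytes:
    """Double-length key: encrypt with left half, decrypt with right, encrypt with left."""
    k1, k2 = key16[:8], key16[8:]
    return toy_encrypt(k1, toy_decrypt(k2, toy_encrypt(k1, block)))

def is_single_replicated(key16: bytes) -> bool:
    """True when both halves are the same key once parity bits are ignored."""
    if len(key16) != 16:
        raise ValueError("expected a 16-byte double-length key")
    return effective(key16[:8]) == effective(key16[8:])

# Constructed sample values, not real key material.
K = bytes.fromhex("0123456789abcdef")
OTHER = bytes.fromhex("fedcba9876543210")
BLOCK = b"8bytes!!"
REPLICATED = K + K                             # what SINGLE-R produces: equal halves
PARITY_VARIANT = K + bytes(b ^ 1 for b in K)   # same key, parity bits flipped
DOUBLE = K + OTHER                             # true double-length key

if __name__ == "__main__":
    for name, key in [("replicated", REPLICATED),
                      ("parity variant", PARITY_VARIANT),
                      ("double", DOUBLE)]:
        collapses = ede_encrypt(key, BLOCK) == toy_encrypt(K, BLOCK)
        print(f"{name:15} single-replicated={is_single_replicated(key)} "
              f"acts-as-single={collapses}")
```

The check works on clear key values; Key_Generate itself returns only enciphered copies, so treat any key created with SINGLE-R as single-length strength when reviewing key inventories.
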
Restrictions
None
5-44 IBM 4758 CCA Basic Services, Release 2.54, February 2005