Filter
Top Products
CCA Release 2.54 Key_Generate
unless you are using the TOKEN keyword, you must identify a null key-token
on input.
Required Commands
Depending on your specification of key form, key type, and use of the SINGLE-R
key length control, different commands are required to enable operation of the
Key_Generate verb.
If you specify the key-form and key-type combinations shown with an X in the
Key_Form OP column in Figure 5-11 on page 5-48, the Key_Generate verb
requires the Generate Key command (offset X'008E') to be enabled in the
active role.
If you specify the key-form and key-type combinations shown with an X in the
Key_Form IM column in Figure 5-11 on page 5-48, the Key_Generate verb
requires the Generate Key Set command (offset X'008C') to be enabled in the
active role. The verb will apply the restrictive rules of the IMEX column in
Figure 5-12 on page 5-49 to the generation of the IM form key.
If you specify the key-form and key-type combinations shown with an X in the
Key_Form EX column in Figure 5-11 on page 5-48, the Key_Generate verb
requires the Generate Key Set command (offset X'008C') to be enabled in the
active role. The verb will apply the restrictive rules of the EXEX column in
Figure 5-12 on page 5-49 to the generation of the EX form key.
If you specify the key-form and key-type combinations shown with an X in
Figure 5-12, the Key_Generate verb requires the Generate Key Set command
(offset X'008C') to be enabled in the active role.
If you specify the key-form and key-type combinations shown with an E in
Figure 5-12 on page 5-49, the Key_Generate verb requires the Generate Key
Set Extended command (offset X'00D7') to be enabled in the active role.
If you specify the SINGLE-R key-length keyword, the Key_Generate verb also
requires the Replicate Key command (offset X'00DB') to be enabled in the
active role.
Related Information
The following sections discuss the key_type and key_length parameters.
Key-Type Specifications
Generated keys are returned multiply-enciphered by a key-encrypting key, or by a
master key, exclusive-ORed with the control vector associated with that copy of the
generated key. (See “CCA Key Encryption and Decryption Processes” on
page C-12.)
There are two methods for specifying the type of key(s) to be generated:
Specify a key-type keyword(s) from Figure 5-11 on page 5-48 or Figure 5-12
on page 5-49
Use the TOKEN keyword and encode the key type and other information in the
control vector you provide in the generated_key_identifier_n key-token
variables.
Use of the key-type keywords generates default control vector values. See
Figure C-2 on page C-3. One or two keywords are examined based on the
key_form variable. Figure 5-11 on page 5-48 shows the key-type keywords you
Chapter 5. DES Key-Management 5-47