Support User Manuals

IBM 2 Computer Hardware User Manual

Open as PDF

of 508

PKA_Symmetric_Key_Export CCA Release 2.54

PKA_Symmetric_Key_Export (CSNDSYX)

Platform/

Product

OS/2 AIX Win NT/

2000

OS/400

IBM 4758-2/23 X X X X

The PKA_Symmetric_Key_Export verb enciphers a symmetric DES or CDMF

default DATA-key using an RSA public key.

Specify the symmetric key to be exported, the exporting RSA public-key, and a

rule-array keyword to define the key-formatting method. The DATA control-vector

must have the default value for a single-length or a double-length key as listed in

Figure C-2 on page C-3.

Choose a key-formatting method through a rule array keyword specification. The

formatted key is then enciphered (wrapped) using the supplied public key.

Formatting options:

PKCSOAEP The PKCSOAEP keyword specifies to format a single-length or

double-length DATA key (or CDMF key) according to the method described in

the RSA DSI PKCS#1-v2.0 documentation for RSAES-OAEP. See “PKCS #1

Formats” on page D-19.

PKCS-1.2 The PKCS-1.2 keyword specifies to format a single-length or

double-length DATA key (or CDMF key) according to the method described in

the RSA DSI PKCS #1 documentation for block type 2. In the RSA PKCS #1

v2.0 standard, RSA terminology describes this as the RSAES-PKCS1-v1_5

format. See “PKCS #1 Formats” on page D-19.

ZERO-PAD The ZERO-PAD keyword specifies to format a single-length or

double-length DATA key (or CDMF key) by padding the key value to the left

with bits valued to zero.

Restrictions

The RSA public-key modulus size (key size) is limited by the Function Control

Vector to accommodate potential governmental export and import regulations.

You can only export a default DATA-key with this verb.

Format

CSNDSYX

return_code Output Integer

reason_code Output Integer

exit_data_length In/Output Integer

exit_data In/Output String exit_data_length bytes

rule_array_count Input Integer one

rule_array Input String

array

rule_array_count * 8 bytes

source_key_identifier_length Input Integer

source_key_identifier Input String source_key_identifier_length

bytes

RSA_public_key_token_length Input Integer

RSA_public_key_token Input String RSA_public_key_identifier_length

bytes

RSA_enciphered_key_length In/Output Integer

RSA_enciphered_key Output String RSA_enciphered_key_length

bytes

5-78 IBM 4758 CCA Basic Services, Release 2.54, February 2005

previous next