IBM 2 Computer Hardware User Manual


 
CCA Release 2.54 PKA_Symmetric_Key_Generate
PKA_Symmetric_Key_Generate (CSNDSYG)
Platform/Product    OS/2    AIX    Win NT/2000    OS/400
IBM 4758-2/23       X       X      X              X
The PKA_Symmetric_Key_Generate verb generates a random DES-key and
enciphers the key value. The key value is enciphered under an RSA public-key for
distribution to a remote node (that has the associated private key). The key value
is also multiply-enciphered under either the symmetric master-key or a DES
key-encrypting-key.
Rule-array keywords define how the RSA-enciphered key shall be enciphered, the
length of the generated key, and the type of DES key used to encipher the local
copy of the key.
There are three classes of rule-array keywords:
1. Required keywords to select the formatting method used to expand and secure
the generated key that is encrypted (wrapped) by the public key. Three of the
methods deal with DATA keys and the other two are used with key-encrypting
keys.
2. Optional key-length keywords to control the length of the generated key.
3. When generating DATA keys, optional keywords to select the key used to
encrypt (wrap) the local_enciphered_key.
Key encryption (wrapping) methods:
DATA keys, either single-length or double-length, can be generated with the
default DATA control-vector as defined in Figure C-2 on page C-3. One copy
of the key, the local_enciphered_key, is returned encrypted by the symmetric
master key or by an IMPORTER or EXPORTER key-encrypting-key. If you do
not specify a null key-token, you must supply either the single-length or
double-length default control vector in a key token.
The public key is used to wrap another copy of the generated key, which is
returned in the RSA_enciphered_key_token. On input you must specify a null
key-token. You choose how the generated key shall be formatted prior to RSA
encryption using one of these keywords:
PKCSOAEP  The key is formatted into an “encrypted message” following the
          rules defined in the RSA Laboratories PKCS#1 v2.0 RSAES-OAEP
          specification. See “PKCS #1 Formats” on page D-19.
PKCS-1.2  The key is formatted into an “encrypted message” following the
          rules defined in the RSA Laboratories PKCS#1 v2.0
          RSAES-PKCS1-v1_5 specification. See “PKCS #1 Formats” on
          page D-19.
ZERO-PAD  The generated key value is extended with zero bits to the left.
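The block that each formatting keyword produces before RSA encryption can be built and compared side by side. This is an added example, not IBM code and not a call to CSNDSYG: the function names are illustrative, and it assumes a 1024-bit modulus, SHA-1 with empty encoding parameters for OAEP, and a constructed key value.

```python
import hashlib, os

HLEN = 20  # SHA-1 digest length; SHA-1 is assumed as the OAEP hash

def zero_pad(key, k):
    """ZERO-PAD: key value extended with zero bits to the left."""
    return key.rjust(k, b"\x00")

def nonzero_random(n):
    out = bytearray()
    while len(out) < n:
        out += bytes(b for b in os.urandom(n - len(out)) if b)
    return bytes(out)

def pkcs1_v15(key, k):
    """RSAES-PKCS1-v1_5: 00 02 || PS (>= 8 nonzero random) || 00 || key."""
    if len(key) > k - 11:
        raise ValueError("key too long for this modulus")
    return b"\x00\x02" + nonzero_random(k - 3 - len(key)) + b"\x00" + key

def mgf1(seed, n):
    blocks = (hashlib.sha1(seed + i.to_bytes(4, "big")).digest()
              for i in range((n + HLEN - 1) // HLEN))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def oaep(key, k, params=b""):
    """RSAES-OAEP: 00 || maskedSeed || maskedDB, DB = pHash || 00.. || 01 || key."""
    if len(key) > k - 2 * HLEN - 2:
        raise ValueError("key too long for this modulus")
    pad = b"\x00" * (k - 2 * HLEN - 2 - len(key))
    db = hashlib.sha1(params).digest() + pad + b"\x01" + key
    seed = os.urandom(HLEN)
    masked_db = xor(db, mgf1(seed, len(db)))
    return b"\x00" + xor(seed, mgf1(masked_db, HLEN)) + masked_db

def oaep_decode(block, params=b""):
    """Receiver side: unmask, then verify pHash and the 01 separator."""
    masked_seed, masked_db = block[1:1 + HLEN], block[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, len(masked_db)))
    rest = db[HLEN:].lstrip(b"\x00")
    if block[0] or db[:HLEN] != hashlib.sha1(params).digest() or rest[:1] != b"\x01":
        raise ValueError("OAEP decoding error")
    return rest[1:]

K = 128                                      # constructed: 1024-bit modulus
DES_KEY = bytes.fromhex("0123456789abcdef")  # constructed single-length key
```

ZERO-PAD yields the same block for the same key on every call and gives the receiver nothing to verify on unwrap, whereas both PKCS #1 formats are randomized and OAEP lets the receiver reject a modified block.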
Chapter 5. DES Key-Management 5-81