CCA Release 2.54
Chapter 7. Key-Storage Verbs
This chapter describes how you can use key-storage mechanisms and the
associated verbs for creating, writing, reading, listing, and deleting records in key
storage.
Figure 7-1. Key-Storage-Record Services
| Verb | Page | Service | Entry Point | Svc Lcn |
|---|---|---|---|---|
| DES_Key_Record_Create | 7-4 | Creates a key record in DES key-storage. | CSNBKRC | S |
| DES_Key_Record_Delete | 7-5 | Deletes a key record or deletes the key token from a key record in DES key-storage. | CSNBKRD | S |
| DES_Key_Record_List | 7-7 | Lists the key names of the key records in DES key-storage. | CSNBKRL | S |
| DES_Key_Record_Read | 7-9 | Reads a key token from DES key-storage. | CSNBKRR | S |
| DES_Key_Record_Write | 7-10 | Writes a key token into DES key-storage. | CSNBKRW | S |
| PKA_Key_Record_Create | 7-11 | Creates a record in the public-key key-storage. | CSNDKRC | S |
| PKA_Key_Record_Delete | 7-13 | Deletes a record or deletes the key token from a record in public-key key-storage. | CSNDKRD | S |
| PKA_Key_Record_List | 7-15 | Lists the key names of the records in public-key key-storage. | CSNDKRL | S |
| PKA_Key_Record_Read | 7-17 | Reads a key token from public-key key-storage. | CSNDKRR | S |
| PKA_Key_Record_Write | 7-19 | Writes a key token in public-key key-storage. | CSNDKRW | S |
| Retained_Key_Delete | 7-21 | Deletes a key retained within the cryptographic engine. | CSNDRKD | E |
| Retained_Key_List | 7-22 | Lists the public and private RSA keys retained within the cryptographic engine. | CSNDRKL | E |
Service location (Svc Lcn): E=Cryptographic Engine, S=Security API software
Key Labels and Key-Storage Management
Use the verbs described in this chapter to manage key storage. The CCA support
software manages key storage as an indexed repository of key records. You access
a record in key storage by its key label.
There are several independent key-storage systems that manage DES key-records
and PKA key-records. DES key-storage holds internal DES key-tokens. PKA
key-storage holds both internal and external public and private RSA key-tokens.
Also, public and private RSA-keys can be retained within the Coprocessor. Public
RSA-keys are loaded into the Coprocessor through use of the
PKA_Public_Key_Hash_Register and PKA_Public_Key_Register verbs. Private
RSA-keys are generated and optionally retained within the Coprocessor using the
PKA_Key_Generate verb. Depending on the other uses for Coprocessor storage,
between 75 and 150 keys can normally be retained within the Coprocessor.
Key storage must be initialized before any records are created. Before a key token
can be stored in key storage, a key-storage record must be created using the
Key_Record_Create verb for that key storage (DES_Key_Record_Create or
PKA_Key_Record_Create).
Copyright IBM Corp. 1997, 2005 7-1