<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||
|
<html>
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||
|
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
|
||
|
<!-- Begin Header Records -->
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<!-- Created for V5R3 by beth hagemeister 5/30/02 -->
|
||
|
<!-- Change history: -->
|
||
|
<!-- 030211 JETAYLOR html cleanup -->
|
||
|
<!-- 030826 BILLINGS updates -->
|
||
|
<!-- 031015 BILLINGS changes to KEYD0200 format -->
|
||
|
<!-- correction to Key format -->
|
||
|
<!-- 040706 BILLINGS V5R4 changes -->
|
||
|
<!-- 050315 BILLINGS V5R4 message updates -->
|
||
|
<!-- 050321 BILLINGS V5R4 Update App Id length -->
|
||
|
<!-- end header records -->
|
||
|
<title>Decrypt Data (QC3DECDT, Qc3DecryptData)</title>
|
||
|
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
|
||
|
</head>
|
||
|
<body>
|
||
|
<a name="Top_Of_Page"></a>
|
||
|
<!--Java sync-link-->
|
||
|
|
||
|
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
|
||
|
</script>
|
||
|
|
||
|
|
||
|
<h2>Decrypt Data (QC3DECDT, Qc3DecryptData)</h2>
|
||
|
|
||
|
<div class="box" style="width: 80%;">
|
||
|
<br>
|
||
|
Required Parameter Group:<br>
|
||
|
<br>
|
||
|
|
||
|
<table width="100%">
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">1</td>
|
||
|
<td align="left" valign="top" width="60%">Encrypted data</td>
|
||
|
<td align="left" valign="top" width="15%">Input</td>
|
||
|
<td align="left" valign="top" width="15%">Char(*)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">2</td>
|
||
|
<td align="left" valign="top" width="60%">Length of encrypted data</td>
|
||
|
<td align="left" valign="top" width="15%">Input</td>
|
||
|
<td align="left" valign="top" width="15%">Binary(4)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">3</td>
|
||
|
<td align="left" valign="top" width="60%">Algorithm description</td>
|
||
|
<td align="left" valign="top" width="15%">Input</td>
|
||
|
<td align="left" valign="top" width="15%">Char(*)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">4</td>
|
||
|
<td align="left" valign="top" width="60%">Algorithm description format
|
||
|
name</td>
|
||
|
<td align="left" valign="top" width="15%">Input</td>
|
||
|
<td align="left" valign="top" width="15%">Char(8)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">5</td>
|
||
|
<td align="left" valign="top" width="60%">Key description</td>
|
||
|
<td align="left" valign="top" width="15%">Input</td>
|
||
|
<td align="left" valign="top" width="15%">Char(*)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">6</td>
|
||
|
<td align="left" valign="top" width="60%">Key description format name</td>
|
||
|
<td align="left" valign="top" width="15%">Input</td>
|
||
|
<td align="left" valign="top" width="15%">Char(8)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">7</td>
|
||
|
<td align="left" valign="top" width="60%">Cryptographic service provider</td>
|
||
|
<td align="left" valign="top" width="15%">Input</td>
|
||
|
<td align="left" valign="top" width="15%">Char(1)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">8</td>
|
||
|
<td align="left" valign="top" width="60%">Cryptographic device name</td>
|
||
|
<td align="left" valign="top" width="15%">Input</td>
|
||
|
<td align="left" valign="top" width="15%">Char(10)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">9</td>
|
||
|
<td align="left" valign="top" width="60%">Clear data</td>
|
||
|
<td align="left" valign="top" width="15%">Output</td>
|
||
|
<td align="left" valign="top" width="15%">Char(*)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">10</td>
|
||
|
<td align="left" valign="top" width="60%">Length of area provided for clear
|
||
|
data</td>
|
||
|
<td align="left" valign="top" width="15%">Input</td>
|
||
|
<td align="left" valign="top" width="15%">Binary(4)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">11</td>
|
||
|
<td align="left" valign="top" width="60%">Length of clear data returned</td>
|
||
|
<td align="left" valign="top" width="15%">Output</td>
|
||
|
<td align="left" valign="top" width="15%">Binary(4)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">12</td>
|
||
|
<td align="left" valign="top" width="60%">Error code</td>
|
||
|
<td align="left" valign="top" width="15%">I/O</td>
|
||
|
<td align="left" valign="top" width="15%">Char(*)</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
<br>
|
||
|
Service Program Name: QC3DTADE <br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
Default Public Authority: *USE<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
Threadsafe: Yes<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
</div>
|
||
|
|
||
|
<p>The Decrypt Data (OPM, QC3DECDT; ILE, Qc3DecryptData) API
restores encrypted data to a clear (intelligible) form.</p>
|
||
|
|
||
|
<p>Information on cryptographic standards can be found in the <a href=
|
||
|
"qc3crtax.htm">Create Algorithm Context (OPM, QC3CRTAX; ILE,
|
||
|
Qc3CreateAlgorithmContext) API</a> documentation.</p>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3>Authorities and Locks</h3>
|
||
|
|
||
|
<dl>
|
||
|
|
||
|
<dt><strong>Required device description authority</strong></dt>
|
||
|
|
||
|
<dd>*USE<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><img src="delta.gif" alt="Start of change"></dt>
|
||
|
|
||
|
<dt><strong>Required file authority</strong></dt>
|
||
|
|
||
|
<dd>*OBJOPR, *READ<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><img src="deltaend.gif" alt="End of change"></dt>
|
||
|
|
||
|
</dl>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3>Required Parameter Group</h3>
|
||
|
|
||
|
<dl>
|
||
|
<dt><strong>Encrypted data</strong></dt>
|
||
|
|
||
|
<dd>INPUT; CHAR(*)
|
||
|
|
||
|
<p>The data to decrypt.<br>
|
||
|
</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Length of encrypted data</strong></dt>
|
||
|
|
||
|
<dd>INPUT; BINARY(4)
|
||
|
|
||
|
<p>The length of the encrypted data parameter.<br>
|
||
|
If the mode of operation is CFB 1-bit, this length must be specified in bits.
|
||
|
</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Algorithm description</strong><br>
|
||
|
</dt>
|
||
|
|
||
|
<dd>INPUT; CHAR(*)
|
||
|
|
||
|
<p>The algorithm and associated parameters for decrypting the data.<br>
|
||
|
The format of the algorithm description is specified in the algorithm
|
||
|
description format name parameter.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Algorithm description format name</strong></dt>
|
||
|
|
||
|
<dd>INPUT; CHAR(8)
|
||
|
|
||
|
<p>The format of the algorithm description.<br>
|
||
|
The possible format names follow.</p>
|
||
|
|
||
|
<dl>
|
||
|
<dt><strong><a href="#algd0100">ALGD0100</a></strong></dt>
|
||
|
|
||
|
<dd>The token for an algorithm context. This format must be used when
|
||
|
performing the decrypt operation over multiple calls. After the last call (when
|
||
|
the final operation flag is on), the context will reset to its initial state
|
||
|
and can be used in another API.<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong><a href="#algd0200">ALGD0200</a></strong></dt>
|
||
|
|
||
|
<dd>Parameters for a block cipher algorithm (DES, Triple DES, AES, and
|
||
|
RC2).<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong><a href="#algd0300">ALGD0300</a></strong></dt>
|
||
|
|
||
|
<dd>Parameters for a stream cipher algorithm (RC4-compatible).<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong><a href="#algd0400">ALGD0400</a></strong></dt>
|
||
|
|
||
|
<dd>Parameters for a public key algorithm (RSA).<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
|
||
|
<p>See <a href="#algs">Algorithm Description Formats</a> for a description of
|
||
|
these formats.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Key description</strong></dt>
|
||
|
|
||
|
<dd>INPUT; CHAR(*)
|
||
|
|
||
|
<p>The key and associated parameters for decrypting the data.<br>
|
||
|
The format of the key description is specified in the key description format
|
||
|
name parameter.<br>
|
||
|
If the decrypt operation extends over multiple calls (see ALGD0100 description above), only the key description from the first call will be used. Therefore, on subsequent calls, you may set the pointer to this parameter to NULL.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Key description format name</strong></dt>
|
||
|
|
||
|
<dd>INPUT; CHAR(8)
|
||
|
|
||
|
<p>The format of the key description.<br>
|
||
|
If the pointer to the key description parameter is NULL, this parameter will be ignored.<br>
|
||
|
The possible format names follow.</p>
|
||
|
|
||
|
<dl>
|
||
|
<dt><strong><a href="#keyd0100">KEYD0100</a></strong></dt>
|
||
|
|
||
|
<dd>Key context token. This format identifies a key context. A key context is
|
||
|
used to store a key value so it need not be recreated or retrieved every time it
|
||
|
is used. To create a key context, use the
|
||
|
<a href="qc3crtkx.htm">Create Key Context (OPM, QC3CRTKX;
|
||
|
ILE, Qc3CreateKeyContext)</a> API.<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong><a href="#keyd0200">KEYD0200</a></strong></dt>
|
||
|
|
||
|
<dd>Key parameters.<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><img src="delta.gif" alt="Start of change"></dt>
|
||
|
|
||
|
<dt><strong><a href="#keyd0400">KEYD0400</a></strong></dt>
|
||
|
<dd>Key store label. This format identifies a key from key store.
|
||
|
For more information on cryptographic services key store, refer to the
|
||
|
<a href="qc3KeyStore.htm">Cryptographic Services Key Store</a> article.<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong><a href="#keyd0500">KEYD0500</a></strong></dt>
|
||
|
<dd>PKCS5 passphrase. This format derives a key using RSA Data Security,
|
||
|
Inc. Public-Key Cryptography Standard (PKCS) #5.<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong><a href="#keyd0600">KEYD0600</a></strong></dt>
|
||
|
<dd>PEM certificate. This format uses the PKA key in an ASCII encoded
|
||
|
PEM based certificate.<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong><a href="#keyd0700">KEYD0700</a></strong></dt>
|
||
|
<dd>Certificate label. This format uses the public PKA key identified by a
label in system certificate key store (*SYSTEM).<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong><a href="#keyd0800">KEYD0800</a></strong></dt>
|
||
|
<dd>Distinguished name. This format uses the public PKA key identified by a
|
||
|
distinguished name for a certificate in system certificate key store
|
||
|
(*SYSTEM).<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong><a href="#keyd0900">KEYD0900</a></strong></dt>
|
||
|
<dd>Application identifier. This format uses the private PKA key identified by
|
||
|
an application identifier. The application identifier must be assigned to a
|
||
|
valid certificate label in system certificate key store (*SYSTEM).<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><img src="deltaend.gif" alt="End of change"></dt>
|
||
|
|
||
|
</dl>
|
||
|
|
||
|
<p>See <a href="#keys">Key Description Formats</a> for a description of these
|
||
|
formats.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Cryptographic service provider</strong></dt>
|
||
|
|
||
|
<dd>INPUT; CHAR(1)
|
||
|
|
||
|
<p>The cryptographic service provider (CSP) that will perform the decryption
|
||
|
operation.</p>
|
||
|
|
||
|
<table width="95%">
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>0</strong></td>
|
||
|
<td align="left" valign="top" width="95%">Any CSP.<br>
|
||
|
The system will choose an appropriate CSP to perform the decryption operation.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><strong>1</strong></td>
|
||
|
<td align="left" valign="top">Software CSP.<br>
|
||
|
The system will perform the decryption operation using software. If the
|
||
|
requested algorithm is not available in software, an error is returned.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><strong>2</strong></td>
|
||
|
<td align="left" valign="top">Hardware CSP.<br>
|
||
|
The system will perform the decryption operation using cryptographic hardware.
|
||
|
If the requested algorithm is not available in hardware, an error is returned.
|
||
|
A specific cryptographic device can be specified using the cryptographic device
|
||
|
name parameter. If the cryptographic device is not specified, the system will
|
||
|
choose an appropriate one.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Cryptographic device name</strong></dt>
|
||
|
|
||
|
<dd>INPUT; CHAR(10)
|
||
|
|
||
|
<p>The name of a cryptographic device description.<br>
|
||
|
This parameter is valid when the cryptographic service provider parameter
|
||
|
specifies 2 (hardware CSP). Otherwise, this parameter must be blanks or
|
||
|
the pointer to this parameter set to NULL.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Clear data</strong></dt>
|
||
|
|
||
|
<dd>OUTPUT; CHAR(*)
|
||
|
|
||
|
<p>The area to store the decrypted data.<br>
|
||
|
</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Length of area provided for clear data</strong></dt>
|
||
|
|
||
|
<dd>INPUT; BINARY(4)
|
||
|
|
||
|
<p>The length of the clear data parameter.<br>
|
||
|
If the mode of operation is CFB 1-bit, this length must be specified in bits.<br>
|
||
|
To ensure sufficient space, specify an area at least as large as the length of
|
||
|
encrypted data.
|
||
|
If the length of area provided for clear data is too small, an error will be
|
||
|
generated and no data will be returned in the clear data parameter.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Length of clear data returned</strong></dt>
|
||
|
|
||
|
<dd>OUTPUT; BINARY(4)
|
||
|
|
||
|
<p>The length of the clear data returned in the clear data parameter.<br>
|
||
|
If the mode of operation is CFB 1-bit, this length will be returned in bits.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Error code</strong></dt>
|
||
|
|
||
|
<dd>I/O; CHAR(*)
|
||
|
|
||
|
<p>The structure in which to return error information.<br>
|
||
|
For the format of the structure, see <a href="../apiref/error.htm#hdrerrcod">Error Code
|
||
|
Parameter</a>.</p>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
|
||
|
<br>
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3><a name="algs">Algorithm Description Formats</a></h3>
|
||
|
|
||
|
For detailed descriptions of the table fields, see <a href="#algfield">
|
||
|
Algorithm Description Formats Field Descriptions</a>.
|
||
|
|
||
|
<h4><a name="algd0100">ALGD0100 format</a></h4>
|
||
|
|
||
|
<table border width="70%">
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom" colspan="2">Offset</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Type</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Field</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom">Dec</th>
|
||
|
<th align="center" valign="bottom">Hex</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">0</td>
|
||
|
<td align="center" valign="top" width="9%">0</td>
|
||
|
<td align="left" valign="top" width="19%">CHAR(8)</td>
|
||
|
<td align="left" valign="top" width="63%">Algorithm context token</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">8</td>
|
||
|
<td align="center" valign="top" width="9%">8</td>
|
||
|
<td align="left" valign="top" width="19%">CHAR(1)</td>
|
||
|
<td align="left" valign="top" width="63%">Final operation flag</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<h4><a name="algd0200">ALGD0200 format</a></h4>
|
||
|
|
||
|
<table border width="70%">
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom" colspan="2">Offset</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Type</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Field</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom">Dec</th>
|
||
|
<th align="center" valign="bottom">Hex</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">0</td>
|
||
|
<td align="center" valign="top" width="9%">0</td>
|
||
|
<td align="left" valign="top" width="19%">BINARY(4)</td>
|
||
|
<td align="left" valign="top" width="63%">Block cipher algorithm</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">4</td>
|
||
|
<td align="center" valign="top" width="9%">4</td>
|
||
|
<td align="left" valign="top" width="19%">BINARY(4)</td>
|
||
|
<td align="left" valign="top" width="63%">Block length</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">8</td>
|
||
|
<td align="center" valign="top" width="9%">8</td>
|
||
|
<td align="left" valign="top" width="19%">CHAR(1)</td>
|
||
|
<td align="left" valign="top" width="63%">Mode</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">9</td>
|
||
|
<td align="center" valign="top" width="9%">9</td>
|
||
|
<td align="left" valign="top" width="19%">CHAR(1)</td>
|
||
|
<td align="left" valign="top" width="63%">Pad option</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">10</td>
|
||
|
<td align="center" valign="top" width="9%">A</td>
|
||
|
<td align="left" valign="top" width="19%">CHAR(1)</td>
|
||
|
<td align="left" valign="top" width="63%">Pad character</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">11</td>
|
||
|
<td align="center" valign="top" width="9%">B</td>
|
||
|
<td align="left" valign="top" width="19%">CHAR(1)</td>
|
||
|
<td align="left" valign="top" width="63%">Reserved</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">12</td>
|
||
|
<td align="center" valign="top" width="9%">C</td>
|
||
|
<td align="left" valign="top" width="19%">BINARY(4)</td>
|
||
|
<td align="left" valign="top" width="63%">MAC length</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">16</td>
|
||
|
<td align="center" valign="top" width="9%">10</td>
|
||
|
<td align="left" valign="top" width="19%">BINARY(4)</td>
|
||
|
<td align="left" valign="top" width="63%">Effective key size</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">20</td>
|
||
|
<td align="center" valign="top" width="9%">14</td>
|
||
|
<td align="left" valign="top" width="19%">CHAR(32)</td>
|
||
|
<td align="left" valign="top" width="63%">Initialization vector</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<h4><a name="algd0300">ALGD0300 format</a></h4>
|
||
|
|
||
|
<table border width="70%">
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom" colspan="2">Offset</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Type</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Field</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom">Dec</th>
|
||
|
<th align="center" valign="bottom">Hex</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">0</td>
|
||
|
<td align="center" valign="top" width="9%">0</td>
|
||
|
<td align="left" valign="top" width="19%">BINARY(4)</td>
|
||
|
<td align="left" valign="top" width="63%">Stream cipher algorithm</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<h4><a name="algd0400">ALGD0400 format</a></h4>
|
||
|
|
||
|
<table border width="70%">
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom" colspan="2">Offset</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Type</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Field</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom">Dec</th>
|
||
|
<th align="center" valign="bottom">Hex</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">0</td>
|
||
|
<td align="center" valign="top" width="9%">0</td>
|
||
|
<td align="left" valign="top" width="19%">BINARY(4)</td>
|
||
|
<td align="left" valign="top" width="63%">Public key cipher algorithm</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">4</td>
|
||
|
<td align="center" valign="top" width="9%">4</td>
|
||
|
<td align="left" valign="top" width="19%">CHAR(1)</td>
|
||
|
<td align="left" valign="top" width="63%">PKA block format</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">5</td>
|
||
|
<td align="center" valign="top" width="9%">5</td>
|
||
|
<td align="left" valign="top" width="19%">CHAR(3)</td>
|
||
|
<td align="left" valign="top" width="63%">Reserved</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">8</td>
|
||
|
<td align="center" valign="top" width="9%">8</td>
|
||
|
<td align="left" valign="top" width="19%">BINARY(4)</td>
|
||
|
<td align="left" valign="top" width="63%">Signing hash algorithm</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<h4><a name="algfield"><strong>Algorithm Description Formats Field
|
||
|
Descriptions</strong></a></h4>
|
||
|
|
||
|
<dl>
|
||
|
<dt><strong>Algorithm context token</strong></dt>
|
||
|
|
||
|
<dd>A token for an algorithm context. The algorithm context is created using
|
||
|
the <a href="qc3crtax.htm">Create Algorithm Context (OPM, QC3CRTAX; ILE,
|
||
|
Qc3CreateAlgorithmContext) API</a>.
|
||
|
<br><br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Block cipher algorithm</strong></dt>
|
||
|
|
||
|
<dd>The decryption algorithm. Following are the valid block cipher algorithms.
|
||
|
|
||
|
<table width="95%">
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>20</strong></td>
|
||
|
<td align="left" valign="top" width="95%">DES</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>21</strong></td>
|
||
|
<td align="left" valign="top" width="95%">Triple DES</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>22</strong></td>
|
||
|
<td align="left" valign="top" width="95%">AES</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>23</strong></td>
|
||
|
<td align="left" valign="top" width="95%">RC2</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</dd>
|
||
|
|
||
|
<dd><br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Block length</strong></dt>
|
||
|
|
||
|
<dd>The algorithm block length. For DES, Triple DES, and RC2, the block length
|
||
|
field must specify 8. The valid block length values for AES are 16, 24, and
|
||
|
32.
|
||
|
<br><br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Effective key size</strong></dt>
|
||
|
|
||
|
<dd>For RC2, the number of key bits to use in the cipher operation. Valid
values are from 1 to 1024. If RC2 is not specified for the block cipher
algorithm, this field must be set to 0.
|
||
|
<br><br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Final operation flag</strong></dt>
|
||
|
|
||
|
<dd>The final processing indicator.<br>
|
||
|
|
||
|
<table width="95%">
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>0</strong></td>
|
||
|
<td align="left" valign="top" width="95%">Continue.<br>
|
||
|
The system will not perform final processing and the algorithm context will
|
||
|
maintain the state of the operation. The algorithm context can be used on
|
||
|
future calls to this API to continue the decryption operation.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><strong>1</strong></td>
|
||
|
<td align="left" valign="top">Final.<br>
|
||
|
The system will perform final processing (e.g. remove padding) and the
|
||
|
algorithm context will reset to its initial state. The algorithm context can
|
||
|
then be used to begin a new cryptographic operation (encrypt, decrypt,
|
||
|
etc.). When performing a final operation, the pointer to the encrypted data
|
||
|
parameter may be set to NULL and the length of encrypted data parameter
|
||
|
set to 0. Final must be specified when performing an RSA operation.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Initialization vector</strong></dt>
|
||
|
|
||
|
<dd>The initialization vector (IV). An IV is not used for mode ECB; in that
case this field must be set to null (binary 0s). Refer to the mode standards
for an explanation of its use. For DES, Triple DES, and RC2, the first 8 bytes
are used as the IV. For AES, the length of IV used is that specified by block
length. The IV must be the same as the IV used to encrypt the data.
|
||
|
<br><br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>MAC length</strong></dt>
|
||
|
|
||
|
<dd>This field is not used on a decrypt operation and must be set to null
|
||
|
(binary 0s).
|
||
|
<br><br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Mode</strong></dt>
|
||
|
|
||
|
<dd>The mode of operation. Information on modes can be found in FIPS PUB 81 and
|
||
|
ANSI X9.52. Following are the valid modes.
|
||
|
|
||
|
<table width="95%">
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>0</strong></td>
|
||
|
<td align="left" valign="top" width="95%">ECB</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>1</strong></td>
|
||
|
<td align="left" valign="top" width="95%">CBC</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>2</strong></td>
|
||
|
<td align="left" valign="top" width="95%">OFB. Not valid with AES or RC2.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>3</strong></td>
|
||
|
<td align="left" valign="top" width="95%">CFB 1-bit. Not valid with AES or
|
||
|
RC2.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>4</strong></td>
|
||
|
<td align="left" valign="top" width="95%">CFB 8-bit. Not valid with AES or
|
||
|
RC2.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>5</strong></td>
|
||
|
<td align="left" valign="top" width="95%">CFB 64-bit. Not valid with AES or
|
||
|
RC2.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</dd>
|
||
|
|
||
|
<dd><br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Pad character</strong></dt>
|
||
|
|
||
|
<dd>This field is not used on a decrypt operation and must be set to null
|
||
|
(binary 0s).
|
||
|
<br><br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Pad option</strong></dt>
|
||
|
|
||
|
<dd>If requested, padding is removed at the end of the decrypt operation.
|
||
|
Padding is not performed for modes CFB 1-bit and CFB 8-bit. In these cases, the
|
||
|
pad option must be set to 0. Do not specify remove padding if the data was not
|
||
|
padded when encrypted. Following are the valid pad options.
|
||
|
|
||
|
<table width="95%">
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>0</strong></td>
|
||
|
<td align="left" valign="top" width="95%">Do not remove padding.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>1</strong></td>
|
||
|
<td align="left" valign="top" width="95%">Remove padding.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</dd>
|
||
|
|
||
|
<dd><br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>PKA block format</strong></dt>
|
||
|
|
||
|
<dd>The public key algorithm block format. Following are the valid values.
|
||
|
|
||
|
<table width="95%">
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>0</strong></td>
|
||
|
<td align="left" valign="top" width="95%">PKCS #1 block type 00</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>1</strong></td>
|
||
|
<td align="left" valign="top" width="95%">PKCS #1 block type 01</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>2</strong></td>
|
||
|
<td align="left" valign="top" width="95%">PKCS #1 block type 02<br>
|
||
|
This format is recommended when decrypting non-hash items (such as keys). The
|
||
|
other formats are normally used in sign and verify functions.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>4</strong></td>
|
||
|
<td align="left" valign="top" width="95%">Zero pad<br>
|
||
|
Zero pad is not removed.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr><td><img src="delta.gif" alt="Start of change"></td></tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>6</strong></td>
|
||
|
<td align="left" valign="top" width="95%">OAEP</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr><td><img src="deltaend.gif" alt="End of change"></td></tr>
|
||
|
|
||
|
</table>
|
||
|
</dd>
|
||
|
|
||
|
<dd><br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Public key cipher algorithm</strong></dt>
|
||
|
|
||
|
<dd>The decryption algorithm. Following are the valid public key cipher
|
||
|
algorithms.
|
||
|
|
||
|
<table width="95%">
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>50</strong></td>
|
||
|
<td align="left" valign="top" width="95%">RSA</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</dd>
|
||
|
|
||
|
<dd><br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Reserved</strong></dt>
|
||
|
|
||
|
<dd>Must be null (binary 0s).
|
||
|
<br><br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Signing hash algorithm</strong></dt>
|
||
|
|
||
|
<dd>This field is not used on a decrypt operation and must be set to null
|
||
|
(binary 0s).
|
||
|
<br><br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Stream cipher algorithm</strong></dt>
|
||
|
|
||
|
<dd>The decryption algorithm. Following are the valid stream cipher algorithms.
|
||
|
|
||
|
|
||
|
<table width="95%">
|
||
|
<tr>
|
||
|
<td align="left" valign="top" width="5%"><strong>30</strong></td>
|
||
|
<td align="left" valign="top" width="95%">RC4-compatible</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</dd>
|
||
|
|
||
|
<dd><br>
|
||
|
</dd>
|
||
|
</dl>
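<p>Added example, not part of IBM's documentation or headers: a portable C
sketch that lays out ALGD0200 at the offsets in the table above and checks a
description against the decrypt-side field rules listed in the field
descriptions before it is passed to the API. The type, constant and function
names are hypothetical, the sample IV is constructed, and passing the CHAR(1)
selector values as character digits is an assumption of the example.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ALGD0200 as laid out in the offset table on this page. Type, constant and
   function names are hypothetical; they are not IBM's header declarations. */
typedef struct {
    int32_t block_cipher_alg;    /* 0   BINARY(4) */
    int32_t block_length;        /* 4   BINARY(4) */
    char    mode;                /* 8   CHAR(1)   */
    char    pad_option;          /* 9   CHAR(1)   */
    char    pad_char;            /* 10  CHAR(1), not used on decrypt */
    char    reserved;            /* 11  CHAR(1)   */
    int32_t mac_length;          /* 12  BINARY(4), not used on decrypt */
    int32_t effective_key_size;  /* 16  BINARY(4), RC2 only */
    unsigned char iv[32];        /* 20  CHAR(32)  */
} algd0200_t;

enum { ALG_DES = 20, ALG_TDES = 21, ALG_AES = 22, ALG_RC2 = 23 };
/* Assumption: CHAR(1) selector values are passed as character digits. */
enum { MODE_ECB = '0', MODE_CBC = '1', MODE_OFB = '2',
       MODE_CFB1 = '3', MODE_CFB8 = '4', MODE_CFB64 = '5' };
enum { PAD_KEEP = '0', PAD_REMOVE = '1' };

typedef enum {
    ALGD_OK = 0, ALGD_BAD_ALGORITHM, ALGD_BAD_BLOCK_LENGTH, ALGD_BAD_MODE,
    ALGD_MODE_NOT_VALID_FOR_ALG, ALGD_BAD_PAD_OPTION,
    ALGD_PAD_NOT_ALLOWED_FOR_MODE, ALGD_UNUSED_FIELD_NOT_NULL,
    ALGD_BAD_EFFECTIVE_KEY_SIZE, ALGD_IV_NOT_NULL_FOR_ECB
} algd_status;

/* Constructed sample IV, for illustration only. */
static const unsigned char SAMPLE_IV[32] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
};

/* Returns 1 when the compiler's layout matches the documented offsets. */
int algd0200_layout_matches_table(void)
{
    return offsetof(algd0200_t, block_length) == 4 &&
           offsetof(algd0200_t, mode) == 8 &&
           offsetof(algd0200_t, pad_option) == 9 &&
           offsetof(algd0200_t, pad_char) == 10 &&
           offsetof(algd0200_t, reserved) == 11 &&
           offsetof(algd0200_t, mac_length) == 12 &&
           offsetof(algd0200_t, effective_key_size) == 16 &&
           offsetof(algd0200_t, iv) == 20 &&
           sizeof(algd0200_t) == 52;
}

/* Builds a description with every unused field nulled (binary 0s). */
algd0200_t algd0200_make(int32_t alg, int32_t block_len, char mode,
                         char pad_option, int32_t eff_key_bits,
                         const unsigned char *iv)
{
    algd0200_t d;
    memset(&d, 0, sizeof d);  /* pad character, reserved, MAC length, IV */
    d.block_cipher_alg = alg;
    d.block_length = block_len;
    d.mode = mode;
    d.pad_option = pad_option;
    d.effective_key_size = eff_key_bits;
    /* DES, Triple DES and RC2 use the first 8 bytes; AES uses block length. */
    if (iv != NULL && block_len > 0 && block_len <= (int32_t)sizeof d.iv)
        memcpy(d.iv, iv, (size_t)block_len);
    return d;
}

/* Applies the field rules from the ALGD0200 field descriptions, in order. */
algd_status algd0200_validate(algd0200_t d)
{
    int aes = d.block_cipher_alg == ALG_AES;
    int rc2 = d.block_cipher_alg == ALG_RC2;
    size_t i;

    if (d.block_cipher_alg < ALG_DES || d.block_cipher_alg > ALG_RC2)
        return ALGD_BAD_ALGORITHM;
    if (aes ? (d.block_length != 16 && d.block_length != 24 &&
               d.block_length != 32)
            : d.block_length != 8)
        return ALGD_BAD_BLOCK_LENGTH;
    if (d.mode < MODE_ECB || d.mode > MODE_CFB64)
        return ALGD_BAD_MODE;
    if ((aes || rc2) && d.mode >= MODE_OFB)   /* OFB, CFB: not AES or RC2 */
        return ALGD_MODE_NOT_VALID_FOR_ALG;
    if (d.pad_option != PAD_KEEP && d.pad_option != PAD_REMOVE)
        return ALGD_BAD_PAD_OPTION;
    if (d.pad_option == PAD_REMOVE &&
        (d.mode == MODE_CFB1 || d.mode == MODE_CFB8))
        return ALGD_PAD_NOT_ALLOWED_FOR_MODE;
    if (d.pad_char != 0 || d.reserved != 0 || d.mac_length != 0)
        return ALGD_UNUSED_FIELD_NOT_NULL;
    if (rc2 ? (d.effective_key_size < 1 || d.effective_key_size > 1024)
            : d.effective_key_size != 0)
        return ALGD_BAD_EFFECTIVE_KEY_SIZE;
    if (d.mode == MODE_ECB)                   /* ECB takes no IV */
        for (i = 0; i < sizeof d.iv; i++)
            if (d.iv[i] != 0)
                return ALGD_IV_NOT_NULL_FOR_ECB;
    return ALGD_OK;
}

int main(void)
{
    algd0200_t d = algd0200_make(ALG_AES, 16, MODE_CBC, PAD_REMOVE, 0, SAMPLE_IV);
    printf("layout ok=%d, AES/CBC status=%d\n",
           algd0200_layout_matches_table(), (int)algd0200_validate(d));
    return 0;
}
```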
|
||
|
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3><a name="keys">Key Description Formats</a></h3>
|
||
|
|
||
|
For detailed descriptions of the table fields, see <a href="#keyfield">Key
|
||
|
Description Formats Field Descriptions</a>.
|
||
|
|
||
|
<h4><a name="keyd0100">KEYD0100 format</a></h4>
|
||
|
|
||
|
<table border width="70%">
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom" colspan="2">Offset</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Type</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Field</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom">Dec</th>
|
||
|
<th align="center" valign="bottom">Hex</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="9%">0</td>
|
||
|
<td align="center" valign="top" width="9%">0</td>
|
||
|
<td align="left" valign="top" width="19%">CHAR(8)</td>
|
||
|
<td align="left" valign="top" width="63%">Key context token</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<h4><a name="keyd0200">KEYD0200 format</a></h4>

<table border width="70%">
<tr>
<th align="center" valign="bottom" colspan="2">Offset</th>
<th align="left" valign="bottom" rowspan="2">Type</th>
<th align="left" valign="bottom" rowspan="2">Field</th>
</tr>

<tr>
<th align="center" valign="bottom">Dec</th>
<th align="center" valign="bottom">Hex</th>
</tr>

<tr>
<td align="center" valign="top" width="9%">0</td>
<td align="center" valign="top" width="9%">0</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="63%">Key type</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">4</td>
<td align="center" valign="top" width="9%">4</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="63%">Key string length</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">8</td>
<td align="center" valign="top" width="9%">8</td>
<td align="left" valign="top" width="19%">CHAR(1)</td>
<td align="left" valign="top" width="63%">Key format</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">9</td>
<td align="center" valign="top" width="9%">9</td>
<td align="left" valign="top" width="19%">CHAR(3)</td>
<td align="left" valign="top" width="63%">Reserved</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">12</td>
<td align="center" valign="top" width="9%">C</td>
<td align="left" valign="top" width="19%">CHAR(*)</td>
<td align="left" valign="top" width="63%">Key string</td>
</tr>
</table>

<br>

<img src="delta.gif" alt="Start of change">

<h4><a name="keyd0400">KEYD0400 format</a></h4>

<table border width="70%">
<tr>
<th align="center" valign="bottom" colspan="2">Offset</th>
<th align="left" valign="bottom" rowspan="2">Type</th>
<th align="left" valign="bottom" rowspan="2">Field</th>
</tr>

<tr>
<th align="center" valign="bottom">Dec</th>
<th align="center" valign="bottom">Hex</th>
</tr>

<tr>
<td align="center" valign="top" width="9%">0</td>
<td align="center" valign="top" width="9%">0</td>
<td align="left" valign="top" width="19%">CHAR(20)</td>
<td align="left" valign="top" width="66%">Qualified key store file name</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">20</td>
<td align="center" valign="top" width="9%">14</td>
<td align="left" valign="top" width="19%">CHAR(32)</td>
<td align="left" valign="top" width="66%">Record label</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">52</td>
<td align="center" valign="top" width="9%">34</td>
<td align="left" valign="top" width="19%">CHAR(4)</td>
<td align="left" valign="top" width="66%">Reserved</td>
</tr>

</table>
<br>

<h4><a name="keyd0500">KEYD0500 format</a></h4>

<table border width="70%">
<tr>
<th align="center" valign="bottom" colspan="2">Offset</th>
<th align="left" valign="bottom" rowspan="2">Type</th>
<th align="left" valign="bottom" rowspan="2">Field</th>
</tr>

<tr>
<th align="center" valign="bottom">Dec</th>
<th align="center" valign="bottom">Hex</th>
</tr>

<tr>
<td align="center" valign="top" width="9%">0</td>
<td align="center" valign="top" width="9%">0</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="63%">Key type</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">4</td>
<td align="center" valign="top" width="9%">4</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="66%">Derived key length</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">8</td>
<td align="center" valign="top" width="9%">8</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="66%">Iteration count</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">12</td>
<td align="center" valign="top" width="9%">C</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="66%">Salt length</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">16</td>
<td align="center" valign="top" width="9%">10</td>
<td align="left" valign="top" width="19%">CHAR(16)</td>
<td align="left" valign="top" width="66%">Salt</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">32</td>
<td align="center" valign="top" width="9%">20</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="66%">Passphrase CCSID</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">36</td>
<td align="center" valign="top" width="9%">24</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="66%">Passphrase length</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">40</td>
<td align="center" valign="top" width="9%">28</td>
<td align="left" valign="top" width="19%">CHAR(*)</td>
<td align="left" valign="top" width="66%">Passphrase</td>
</tr>

</table>

<h4><a name="keyd0600">KEYD0600 format</a></h4>

<table border width="70%">
<tr>
<th align="center" valign="bottom" colspan="2">Offset</th>
<th align="left" valign="bottom" rowspan="2">Type</th>
<th align="left" valign="bottom" rowspan="2">Field</th>
</tr>

<tr>
<th align="center" valign="bottom">Dec</th>
<th align="center" valign="bottom">Hex</th>
</tr>

<tr>
<td align="center" valign="top" width="9%">0</td>
<td align="center" valign="top" width="9%">0</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="66%">PEM certificate length</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">4</td>
<td align="center" valign="top" width="9%">4</td>
<td align="left" valign="top" width="19%">CHAR(4)</td>
<td align="left" valign="top" width="66%">Reserved</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">8</td>
<td align="center" valign="top" width="9%">8</td>
<td align="left" valign="top" width="19%">CHAR(*)</td>
<td align="left" valign="top" width="66%">PEM certificate</td>
</tr>

</table>
<br>

<h4><a name="keyd0700">KEYD0700 format</a></h4>

<table border width="70%">
<tr>
<th align="center" valign="bottom" colspan="2">Offset</th>
<th align="left" valign="bottom" rowspan="2">Type</th>
<th align="left" valign="bottom" rowspan="2">Field</th>
</tr>

<tr>
<th align="center" valign="bottom">Dec</th>
<th align="center" valign="bottom">Hex</th>
</tr>

<tr>
<td align="center" valign="top" width="9%">0</td>
<td align="center" valign="top" width="9%">0</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="66%">Certificate label length</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">4</td>
<td align="center" valign="top" width="9%">4</td>
<td align="left" valign="top" width="19%">CHAR(4)</td>
<td align="left" valign="top" width="66%">Reserved</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">8</td>
<td align="center" valign="top" width="9%">8</td>
<td align="left" valign="top" width="19%">CHAR(*)</td>
<td align="left" valign="top" width="66%">Certificate label</td>
</tr>

</table>
<br>

<h4><a name="keyd0800">KEYD0800 format</a></h4>

<table border width="70%">
<tr>
<th align="center" valign="bottom" colspan="2">Offset</th>
<th align="left" valign="bottom" rowspan="2">Type</th>
<th align="left" valign="bottom" rowspan="2">Field</th>
</tr>

<tr>
<th align="center" valign="bottom">Dec</th>
<th align="center" valign="bottom">Hex</th>
</tr>

<tr>
<td align="center" valign="top" width="9%">0</td>
<td align="center" valign="top" width="9%">0</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="66%">Distinguished name length</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">4</td>
<td align="center" valign="top" width="9%">4</td>
<td align="left" valign="top" width="19%">CHAR(4)</td>
<td align="left" valign="top" width="66%">Reserved</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">8</td>
<td align="center" valign="top" width="9%">8</td>
<td align="left" valign="top" width="19%">CHAR(*)</td>
<td align="left" valign="top" width="66%">Distinguished name</td>
</tr>

</table>
<br>

<h4><a name="keyd0900">KEYD0900 format</a></h4>

<table border width="70%">
<tr>
<th align="center" valign="bottom" colspan="2">Offset</th>
<th align="left" valign="bottom" rowspan="2">Type</th>
<th align="left" valign="bottom" rowspan="2">Field</th>
</tr>

<tr>
<th align="center" valign="bottom">Dec</th>
<th align="center" valign="bottom">Hex</th>
</tr>

<tr>
<td align="center" valign="top" width="9%">0</td>
<td align="center" valign="top" width="9%">0</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="66%">Application identifier length</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">4</td>
<td align="center" valign="top" width="9%">4</td>
<td align="left" valign="top" width="19%">CHAR(4)</td>
<td align="left" valign="top" width="66%">Reserved</td>
</tr>

<tr>
<td align="center" valign="top" width="9%">8</td>
<td align="center" valign="top" width="9%">8</td>
<td align="left" valign="top" width="19%">CHAR(*)</td>
<td align="left" valign="top" width="66%">Application identifier</td>
</tr>

</table>
<br>

<img src="deltaend.gif" alt="End of change">
<br>

<h4><a name="keyfield"><strong>Key Description Formats Field
Descriptions</strong></a></h4>

<dl>

<dt><img src="delta.gif" alt="Start of change"></dt>

<dt><strong>Application identifier</strong></dt>

<dd>The application ID assigned to a certificate with a private key in the system
certificate key store (*SYSTEM).
<br><br>
</dd>

<dt><strong>Application identifier length</strong></dt>

<dd>The length of the application ID. The length cannot be greater than 32.
<br><br>
</dd>

<dt><strong>Certificate label</strong></dt>

<dd>The label of the certificate in the system certificate key store (*SYSTEM). The
certificate's public key will be used in the decryption operation.
<br><br>
</dd>

<dt><strong>Certificate label length</strong></dt>

<dd>The length of the certificate label.
<br><br>
</dd>

<dt><strong>Derived key length</strong></dt>

<dd>The length of the key requested. The minimum allowed length is 1.
<br><br>
</dd>

<dt><strong>Distinguished name</strong></dt>

<dd>The distinguished name of the certificate in the system certificate key store
(*SYSTEM). The certificate's public key will be used in the decryption
operation.
<br><br>
</dd>

<dt><strong>Distinguished name length</strong></dt>

<dd>The length of the distinguished name.
<br><br>
</dd>

<dt><strong>Iteration count</strong></dt>

<dd>Used to greatly increase the cost of an exhaustive search while modestly
increasing the cost of key derivation. The minimum allowed value is 1.
The standard recommends a minimum of 1000.
The maximum allowed value is 100,000.
<br><br>
</dd>

<dt><img src="deltaend.gif" alt="End of change">
</dt>

<dt><strong>Key context token</strong></dt>

<dd>A token for a key context. The key context is created using the <a href=
"qc3crtkx.htm">Create Key Context (OPM, QC3CRTKX; ILE, Qc3CreateKeyContext)
API</a>.
<br><br>
</dd>

<dt><strong>Key format</strong></dt>

<dd>The format of the key string field. Following are the valid values.

<table width="95%">
<tr>
<td align="left" valign="top" width="5%"><strong>0</strong></td>
<td align="left" valign="top" width="95%">Binary string.<br>
The key is specified as a binary value.</td>
</tr>

<tr>
<td align="left" valign="top" width="5%"><strong>1</strong></td>
<td align="left" valign="top" width="95%">BER string<br>
If the key type field specifies 50 (RSA public), the key must be specified
in BER encoded X.509
<img src="delta.gif" alt="Start of change">
Certificate or
<img src="deltaend.gif" alt="End of change">
SubjectPublicKeyInfo format. For specifications of this
format, refer to RFC 3280. If the key type field specifies 51 (RSA private),
the key must be specified in BER encoded PKCS #8 format. For specifications
of this format, refer to RSA Security Inc. Public-Key Cryptography Standards.
To generate a PKA key pair, use the <a href="qc3genpk.htm">Generate PKA
Key Pair (OPM, QC3GENPK; ILE, Qc3GenPKAKeyPair) API</a>.</td>
</tr>
</table>
<br>
</dd>

<dt><strong>Key string</strong></dt>

<dd>The key to use in the decrypt operation.
<br><br>
</dd>

<dt><strong>Key string length</strong></dt>

<dd>Length of the key string specified in the key string field.
<br><br>
</dd>

<dt><strong>Key type</strong></dt>

<dd>The type of key. Following are the valid values.

<table width="95%">
<tr>
<td align="left" valign="top" width="5%"><strong>20</strong></td>
<td align="left" valign="top" width="95%">DES<br>
<img src="delta.gif" alt="Start of change">
The key string length or derived key string length must be 8 bytes.
For key description KEYD0200,
the key format must be 0.
<img src="deltaend.gif" alt="End of change">
Only 7 bits of each byte are used as the actual key. The rightmost
bit of each byte is used to set parity. Some cryptographic service providers
require that a DES key have odd parity in every byte. Others ignore
parity.</td>
</tr>

<tr>
<td align="left" valign="top" width="5%"><strong>21</strong></td>
<td align="left" valign="top" width="95%">Triple DES<br>
<img src="delta.gif" alt="Start of change">
The key string length or the derived key length can be 8,
16, or 24.
For key description KEYD0200,
the key format must be 0.
<img src="deltaend.gif" alt="End of change">
Triple DES operates on a decryption block by doing
a DES decrypt, followed by a DES encrypt, and then another DES decrypt.
Therefore, it actually uses three 8-byte DES keys. If 24 bytes are supplied in
the key string, the first 8 bytes are used for key 1, the second 8 bytes for
key 2, and the third 8 bytes for key 3. If 16 bytes are supplied, the first 8
bytes are used for key 1 and key 3, and the second 8 bytes for key 2. If only 8
bytes are supplied, it will be used for all 3 keys (essentially making the
operation equivalent to a single DES operation). Only 7 bits of each byte are
used as the actual key. The rightmost bit of each byte is used to set parity.
Some cryptographic service providers require that a Triple DES key have odd
parity in every byte. Others ignore parity.</td>
</tr>

<tr>
<td align="left" valign="top" width="5%"><strong>22</strong></td>
<td align="left" valign="top" width="95%">AES<br>
<img src="delta.gif" alt="Start of change">
The key string length or derived key length can be 16, 24, or 32.
For key description KEYD0200,
the key format must be 0.
<img src="deltaend.gif" alt="End of change">
</td>
</tr>

<tr>
<td align="left" valign="top" width="5%"><strong>23</strong></td>
<td align="left" valign="top" width="95%">RC2<br>
<img src="delta.gif" alt="Start of change">
The key string length or derived key length can be from 1 to 128.
For key description KEYD0200,
the key format must be 0.
<img src="deltaend.gif" alt="End of change">
</td>
</tr>

<tr>
<td align="left" valign="top" width="5%"><strong>30</strong></td>
<td align="left" valign="top" width="95%">RC4-compatible<br>
<img src="delta.gif" alt="Start of change">
The key string length or derived key length can be from 1 to 256.
For key description KEYD0200,
the key format must be 0.
<img src="deltaend.gif" alt="End of change">
</td>
</tr>

<tr>
<td align="left" valign="top" width="5%"><strong>50</strong></td>
<td align="left" valign="top" width="95%">RSA public<br>
<img src="delta.gif" alt="Start of change">
Valid only for key description KEYD0200.
<img src="deltaend.gif" alt="End of change">
The key format must be 1. Use an RSA public key if the data was encrypted with
an RSA private key. Encryption with a private key and decryption with a public
key is used for data authentication (e.g. sign/verify).</td>
</tr>

<tr>
<td align="left" valign="top" width="5%"><strong>51</strong></td>
<td align="left" valign="top" width="95%">RSA private<br>
<img src="delta.gif" alt="Start of change">
Valid only for key description KEYD0200.
<img src="deltaend.gif" alt="End of change">
The key format must be 1. Use an RSA private key if the data was encrypted with
an RSA public key. Encryption with a public key and decryption with a private
key is used for data privacy.</td>
</tr>
</table>

</dd>

<dt><img src="delta.gif" alt="Start of change"></dt>

<dt><strong>Passphrase</strong></dt>

<dd>A text string.
<br><br>
</dd>

<dt><strong>Passphrase CCSID</strong></dt>

<dd>INPUT; BINARY(4)

<p>The CCSID of the passphrase. The passphrase will be converted from the
specified CCSID to Unicode before calling the PKCS5 algorithm.</p>

<table width="95%">
<tr>
<td align="left" valign="top" width="15%"><strong>0</strong></td>
<td align="left" valign="top">The CCSID of the job is used to determine the
CCSID of the data to be converted. If the job CCSID is 65535, the CCSID from
the default CCSID (DFTCCSID) job attribute is used.</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>1-65533</strong></td>
<td align="left" valign="top">A valid CCSID in this range is used. For a list of valid CCSIDs,
see the <a href="../nls/rbagsglobalmain.htm">Globalization</a> topic in the
iSeries Information Center.</td>
</tr>

</table>

<br>
</dd>

<dt><strong>Passphrase length</strong></dt>

<dd>The length of the passphrase. The length must be in the range of 1 to 256.
<br><br>
</dd>

<dt><strong>PEM certificate</strong></dt>

<dd>An ASCII encoded PEM formatted certificate.
<br><br>
</dd>

<dt><strong>PEM certificate length</strong></dt>

<dd>The length of the PEM certificate.
<br><br>
</dd>

<dt><strong>Qualified key store file name</strong></dt>

<dd>The key store file where the key is stored. Key store files are created
using the <a href="qc3crtks.htm">Create Key Store (OPM, QC3CRTKS;
ILE, Qc3CreateKeyStore)</a> API. The first 10 characters contain the file name.
The second 10 characters contain the name of the library
where the key store file is located. You can use the following special values
for the library name.

<table>
<tr>
<td valign="top"><strong>*CURLIB</strong></td>
<td valign="top">The job's current library is used to locate the
key store file. If no library is specified as the current library for the
job, the QGPL library is used.</td>
</tr>
<tr>
<td align="left" valign="top"><strong>*LIBL</strong></td>
<td align="left" valign="top">The job's library list is searched for the first
occurrence of the specified file name.
</td>
</tr>
</table>
<br>
</dd>

<dt><strong>Record label</strong></dt>
<dd>The label of a key record in a key store file.
The label will be converted from the job CCSID (or, if the job CCSID is 65535,
from the default CCSID (DFTCCSID) job attribute) to CCSID 1200 (Unicode UTF-16).
Key records are created
using the <a href="qc3wrtkr.htm">Write Key Record (OPM, QC3WRTKR;
ILE, Qc3WriteKeyRecord)</a> or <a href="qc3genkr.htm">Generate Key
Record (OPM, QC3GENKR; ILE, Qc3GenKeyRecord)</a> API.</dd>

<dt><img src="deltaend.gif" alt="End of change">
<br><br>
</dt>

<dt><strong>Reserved</strong></dt>

<dd>Must be null (binary 0s).<br><br>
</dd>

<dt><img src="delta.gif" alt="Start of change">
</dt>

<dt><strong>Salt</strong></dt>

<dd>Used to help thwart attacks by producing a large set
of keys for each passphrase. The standard recommends the salt be
generated at random and be at least 8 bytes long. You may use the
<a href="qc3genprns.htm">Generate Pseudorandom Numbers (OPM, QC3GENPRN;
ILE, Qc3GenPRNs)</a> API to obtain a random value. Additionally,
data that distinguishes between various operations can be added to the salt
for additional security. Refer to the standard for more information.
<br><br>
</dd>

<dt><strong>Salt length</strong></dt>

<dd>The length of the salt. The length must be in the range of 1 to 16.
</dd>

<dt><img src="deltaend.gif" alt="End of change">
</dt>

</dl>

<br>
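<p>Added example (not IBM's code): a C routine that lays out a KEYD0500 key description at the offsets in the KEYD0500 table and enforces the limits given in the field descriptions, flagging an iteration count or salt below what the standard recommends. The function, result-code and warning names are made up for this example, and writing BINARY(4) as a big-endian 32-bit integer is an assumption.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Key type values from the "Key type" table on this page. */
enum { KT_DES = 20, KT_TDES = 21, KT_AES = 22, KT_RC2 = 23, KT_RC4 = 30 };

/* Result codes and warning bits are names made up for this example. */
enum kd_rc { KD_OK, KD_BAD_KEY_TYPE, KD_BAD_KEY_LEN, KD_BAD_ITER,
             KD_BAD_SALT_LEN, KD_BAD_CCSID, KD_BAD_PASS_LEN, KD_BUF_TOO_SMALL };
#define KD_WARN_LOW_ITER   0x1u  /* below the 1000 the standard recommends */
#define KD_WARN_SHORT_SALT 0x2u  /* below the 8 bytes the standard recommends */
#define KD_FIXED_LEN       40u   /* the passphrase starts at offset 40 */

/* Assumption: BINARY(4) is stored as a big-endian 32-bit integer. */
static void put_be32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24);
    p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);
    p[3] = (unsigned char)v;
}

/* 1 if len is allowed for key_type, 0 if it is not, -1 if the key type
   cannot be derived (RSA types 50 and 51 are valid only for KEYD0200). */
static int derived_len_ok(int key_type, uint32_t len)
{
    switch (key_type) {
    case KT_DES:  return len == 8;
    case KT_TDES: return len == 8 || len == 16 || len == 24;
    case KT_AES:  return len == 16 || len == 24 || len == 32;
    case KT_RC2:  return len >= 1 && len <= 128;
    case KT_RC4:  return len >= 1 && len <= 256;
    default:      return -1;
    }
}

/* Validate every field, then write the description into out. */
enum kd_rc keyd0500_build(unsigned char *out, size_t cap, size_t *out_len,
                          int key_type, uint32_t derived_len,
                          uint32_t iterations,
                          const unsigned char *salt, uint32_t salt_len,
                          uint32_t ccsid,
                          const unsigned char *pass, uint32_t pass_len,
                          unsigned *warnings)
{
    int len_ok = derived_len_ok(key_type, derived_len);

    if (len_ok < 0)  return KD_BAD_KEY_TYPE;
    if (len_ok == 0) return KD_BAD_KEY_LEN;
    if (iterations < 1 || iterations > 100000) return KD_BAD_ITER;
    if (salt_len < 1 || salt_len > 16)         return KD_BAD_SALT_LEN;
    if (ccsid > 65533)                         return KD_BAD_CCSID;
    if (pass_len < 1 || pass_len > 256)        return KD_BAD_PASS_LEN;
    if (cap < KD_FIXED_LEN + pass_len)         return KD_BUF_TOO_SMALL;

    memset(out, 0, KD_FIXED_LEN);
    put_be32(out + 0, (uint32_t)key_type);   /* Key type            */
    put_be32(out + 4, derived_len);          /* Derived key length  */
    put_be32(out + 8, iterations);           /* Iteration count     */
    put_be32(out + 12, salt_len);            /* Salt length         */
    memcpy(out + 16, salt, salt_len);        /* Salt, CHAR(16); unused tail stays zero */
    put_be32(out + 32, ccsid);               /* Passphrase CCSID    */
    put_be32(out + 36, pass_len);            /* Passphrase length   */
    memcpy(out + 40, pass, pass_len);        /* Passphrase, CHAR(*) */
    *out_len = KD_FIXED_LEN + pass_len;

    *warnings = 0;
    if (iterations < 1000) *warnings |= KD_WARN_LOW_ITER;
    if (salt_len < 8)      *warnings |= KD_WARN_SHORT_SALT;
    return KD_OK;
}

/* The buffer holds the passphrase in the clear: erase it after the call. */
void keyd0500_wipe(unsigned char *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

int main(void)
{
    /* Constructed sample values, not real key material. */
    static const unsigned char salt[16] = {
        0x3c, 0x91, 0x07, 0xe2, 0x5a, 0xb8, 0x44, 0x1d,
        0xf0, 0x26, 0x9b, 0x6e, 0xc3, 0x58, 0x0a, 0x7f };
    static const unsigned char pass[] = "correct horse";
    unsigned char buf[KD_FIXED_LEN + 256];
    size_t n = 0;
    unsigned warn = 0;
    enum kd_rc rc = keyd0500_build(buf, sizeof buf, &n, KT_AES, 32, 10000,
                                   salt, 16, 0, pass, 13, &warn);

    printf("rc=%d length=%lu warnings=%u\n", (int)rc, (unsigned long)n, warn);
    keyd0500_wipe(buf, sizeof buf);
    return rc == KD_OK ? 0 : 1;
}
```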
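<p>Added example (not IBM's code): the Triple DES key-string split and the odd-parity rule from the Key type description, in C. It goes one step beyond the page's 8-byte case by also reporting 16- and 24-byte key strings whose adjacent keys match, since a decrypt and an encrypt under the same key cancel and leave a single DES operation; all names are made up for this example.</p>

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Classification names made up for this example. */
enum tdes_kind { TDES_INVALID = 0, TDES_SINGLE_DES = 1,
                 TDES_TWO_KEY = 2, TDES_THREE_KEY = 3 };

/* 1 if the byte has an odd number of 1 bits. */
static int has_odd_parity(unsigned char b)
{
    b ^= (unsigned char)(b >> 4);
    b ^= (unsigned char)(b >> 2);
    b ^= (unsigned char)(b >> 1);
    return b & 1;
}

/* 1 if every byte of the key has odd parity, as some providers require. */
int des_parity_ok(const unsigned char *key, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++)
        if (!has_odd_parity(key[i]))
            return 0;
    return 1;
}

/* Set the rightmost bit of each byte so that the byte has odd parity.
   The 7 key bits of each byte are left unchanged. */
void des_set_odd_parity(unsigned char *key, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++) {
        key[i] &= 0xFE;
        if (!has_odd_parity(key[i]))
            key[i] |= 0x01;
    }
}

/* Compare two 8-byte DES keys on their 56 key bits, ignoring parity bits. */
static int same_key_bits(const unsigned char *a, const unsigned char *b)
{
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < 8; i++)
        diff |= (unsigned char)((a[i] ^ b[i]) & 0xFE);
    return diff == 0;
}

/* Split an 8-, 16- or 24-byte key string into key 1, key 2 and key 3 as the
   page describes, and report how many independent keys are really in use. */
enum tdes_kind tdes_split(const unsigned char *ks, size_t len,
                          unsigned char k[3][8])
{
    if (len != 8 && len != 16 && len != 24)
        return TDES_INVALID;

    memcpy(k[0], ks, 8);                        /* key 1: first 8 bytes      */
    memcpy(k[1], len >= 16 ? ks + 8 : ks, 8);   /* key 2: second 8, if given */
    memcpy(k[2], len == 24 ? ks + 16 : ks, 8);  /* key 3: third 8, else key 1 */

    /* Adjacent steps under the same key cancel: only one DES step is left. */
    if (same_key_bits(k[0], k[1]) || same_key_bits(k[1], k[2]))
        return TDES_SINGLE_DES;
    if (same_key_bits(k[0], k[2]))
        return TDES_TWO_KEY;
    return TDES_THREE_KEY;
}

int main(void)
{
    /* Constructed sample key string, not real key material. */
    unsigned char ks[16] = { 0x10, 0x22, 0x34, 0x46, 0x58, 0x6a, 0x7c, 0x8e,
                             0x90, 0xa2, 0xb4, 0xc6, 0xd8, 0xea, 0xfc, 0x0e };
    unsigned char k[3][8];
    enum tdes_kind kind;

    des_set_odd_parity(ks, sizeof ks);
    kind = tdes_split(ks, sizeof ks, k);
    printf("parity ok=%d independent keys=%d\n",
           des_parity_ok(ks, sizeof ks), (int)kind);
    return kind == TDES_TWO_KEY ? 0 : 1;
}
```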
<h3><a name="header_9">Error Messages</a></h3>

<table width="100%">
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>

<tr>
<td width="15%" valign="top">CPF24B4 E</td>
<td width="85%" valign="top">Severe error while addressing parameter list.</td>
</tr>

<tr>
<td valign="top">CPF3C1E E</td>
<td valign="top">Required parameter &1 omitted.</td>
</tr>

<tr>
<td valign="top">CPF3CF1 E</td>
<td valign="top">Error code parameter not valid.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3CF2 E</td>
<td align="left" valign="top">Error(s) occurred during running of &1 API.</td>
</tr>

<tr>
<td valign="top">CPF9872 E</td>
<td valign="top">Program or service program &1 in library &2 ended. Reason code &3.</td>
</tr>

<tr>
<td valign="top"><img src="delta.gif" alt="Start of change"></td>
</tr>

<tr>
<td valign="top">CPF9D99 E</td>
<td valign="top">Error openning certificate store.</td>
</tr>

<tr>
<td valign="top">CPF9D9A E</td>
<td valign="top">Key is protected by a cryptographic coprocessor.</td>
</tr>

<tr>
<td valign="top">CPF9D9B E</td>
<td valign="top">Internal error occured retrieving key from system certificate store.</td>
</tr>

<tr>
<td valign="top">CPF9D9C E</td>
<td valign="top">Function is disallowed with specified key context.</td>
</tr>

<tr>
<td valign="top">CPF9D9F E</td>
<td valign="top">Not authorized to key store file.</td>
</tr>

<tr>
<td valign="top">CPF9DA0 E</td>
<td valign="top">Error occured opening key store file.</td>
</tr>

<tr>
<td valign="top">CPF9DA1 E</td>
<td valign="top">Key record not found.</td>
</tr>

<tr>
<td valign="top">CPF9DA2 E</td>
<td valign="top">Option 34 is not installed.</td>
</tr>

<tr>
<td valign="top">CPF9DA3 E</td>
<td valign="top">Not authorized to use APPIDs.</td>
</tr>

<tr>
<td valign="top">CPF9DA4 E</td>
<td valign="top">APPID is not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DA5 E</td>
<td valign="top">Key store file not found.</td>
</tr>

<tr>
<td valign="top">CPF9DA6 E</td>
<td valign="top">The key store file is not available.</td>
</tr>

<tr>
<td valign="top">CPF9DA7 E</td>
<td valign="top">File is corrupt or not a valid key store file.</td>
</tr>

<tr>
<td valign="top">CPF9DA8 D</td>
<td valign="top">The application identifier length is not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DA9 D</td>
<td valign="top">The format of the PEM certificate is not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DAA D</td>
<td valign="top">A key requires translation.</td>
</tr>

<tr>
<td valign="top">CPF9DAB E</td>
<td valign="top">A key can not be decrypted.</td>
</tr>

<tr>
<td valign="top">CPF9DB1 E</td>
<td valign="top">The CCSID is not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DB3 E</td>
<td valign="top">Qualified key store file name not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DB6 E</td>
<td valign="top">Record label not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DB8 E</td>
<td valign="top">Error occured retrieving key record from key store.</td>
</tr>

<tr>
<td valign="top">CPF9DBA E</td>
<td valign="top">Derived key length not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DBB E</td>
<td valign="top">Iteration count not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DBC E</td>
<td valign="top">Salt length not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DBD E</td>
<td valign="top">Passphrase length not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DBE E</td>
<td valign="top">PEM certificate length not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DBF E</td>
<td valign="top">Certificate label length not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DC0 E</td>
<td valign="top">Distinghished name length not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DC2 E</td>
<td valign="top">Key-encrypting algorithm context not compatible with key-encrypting key context.</td>
</tr>

<tr>
<td valign="top">CPF9DC3 E</td>
<td valign="top">Unable to decrypt data or key.</td>
</tr>

<tr>
<td valign="top"><img src="deltaend.gif" alt="End of change"></td>
</tr>

<tr>
<td valign="top">CPF9DC6 E</td>
<td valign="top">Algorithm not valid for encrypting or decrypting a key.</td>
</tr>

<tr>
<td valign="top">CPF9DC8 E</td>
<td valign="top">The input data parameter specifies a NULL pointer.</td>
</tr>

<tr>
<td valign="top">CPF9DD2 E</td>
<td valign="top">Algorithm description format name not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DD3 E</td>
<td valign="top">Key description format name not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DD5 E</td>
<td valign="top">Length of input data not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DD6 E</td>
<td valign="top">Length of area provided for output data is too small.</td>
</tr>

<tr>
<td valign="top">CPF9DD7 E</td>
<td valign="top">The key-encrypting key context for the specified key is not valid or was previously destroyed.</td>
</tr>

<tr>
<td valign="top">CPF9DD8 E</td>
<td valign="top">The key-encrypting algorithm context for the specified key is not valid or was previously destroyed.</td>
</tr>

<tr>
<td valign="top">CPF9DD9 E</td>
<td valign="top">Effective key size not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DDA E</td>
<td valign="top">Unexpected return code &1.</td>
</tr>

<tr>
<td valign="top">CPF9DDB E</td>
<td valign="top">The key string or Diffie-Hellman parameter string is not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DDD E</td>
<td valign="top">The key string length is not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DDE E</td>
<td valign="top">Cipher algorithm not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DDF E</td>
<td valign="top">Block length not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DE0 E</td>
<td valign="top">Hash algorithm not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DE1 E</td>
<td valign="top">Initialization vector not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DE2 E</td>
<td valign="top">MAC (message authentication code) length not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DE3 E</td>
<td valign="top">Mode not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DE4 E</td>
<td valign="top">Pad option not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DE5 E</td>
<td valign="top">PKA (public key algorithm) block format not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DE6 E</td>
<td valign="top">Public key algorithm not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DE7 E</td>
<td valign="top">Key type not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DE9 E</td>
<td valign="top">Key format not valid.</td>
</tr>

<tr>
|
||
|
<td valign="top">CPF9DEC E</td>
|
||
|
<td valign="top">Cryptographic service provider not valid.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td valign="top">CPF9DED E</td>
|
||
|
<td valign="top">Final operation flag not valid.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td valign="top">CPF9DEE E</td>
|
||
|
<td valign="top">Reserved field not null.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td valign="top">CPF9DF0 E</td>
|
||
|
<td valign="top">Operation, algorithm, or mode not available on the requested CSP (cryptographic service provider).</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td valign="top">CPF9DF1 E</td>
|
||
|
<td valign="top">The algorithm context token does not reference a valid algorithm context.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
<td valign="top">CPF9DF2 E</td>
<td valign="top">The algorithm context is not found or was previously destroyed.</td>
</tr>

<tr>
<td valign="top">CPF9DF3 E</td>
<td valign="top">Algorithm in algorithm context not valid for requested operation.</td>
</tr>

<tr>
<td valign="top">CPF9DF4 E</td>
<td valign="top">The key context token does not reference a valid key context.</td>
</tr>

<tr>
<td valign="top">CPF9DF5 E</td>
<td valign="top">The key context is not found or was previously destroyed.</td>
</tr>

<tr>
<td valign="top">CPF9DF7 E</td>
<td valign="top">Algorithm context not compatible with key context.</td>
</tr>

<tr>
<td valign="top">CPF9DF8 E</td>
<td valign="top">Cryptographic device name not valid.</td>
</tr>

<tr>
<td valign="top">CPF9DF9 E</td>
<td valign="top">Cryptographic device not found.</td>
</tr>

<tr>
<td valign="top">CPF9DFB E</td>
<td valign="top">Cryptographic service provider (CSP) conflicts with the key context CSP.</td>
</tr>

<tr>
<td valign="top">CPF9DFD E</td>
<td valign="top">Not authorized to device.</td>
</tr>

<tr>
<td valign="top">CPF9DFE E</td>
<td valign="top">Cryptographic device not available.</td>
</tr>

</table>

<br>

<hr>
API introduced: V5R3

<hr>
</body>
</html>