ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzajc_5.4.0.1/rzajcpkakeygentxt.htm

281 lines
12 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Example: Creating a PKA key with your Cryptographic Coprocessor" />
<meta name="abstract" content="Change this program example to suit your needs for creating a PKA key with your Cryptographic Coprocessor" />
<meta name="description" content="Change this program example to suit your needs for creating a PKA key with your Cryptographic Coprocessor" />
<meta name="DC.Relation" scheme="URI" content="rzajccreatekeys.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="pkakeygentxt" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Example: Creating a PKA key with your Cryptographic Coprocessor</title>
</head>
<body id="pkakeygentxt"><a name="pkakeygentxt"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Example: Creating a PKA key with your Cryptographic Coprocessor</h1>
<div><p>Change this program example to suit your needs for creating a PKA
key with your Cryptographic Coprocessor</p>
<div class="section"><div class="note"><span class="notetitle">Note:</span> Read the <a href="codedisclaimer.htm#codedisclaimer">Code license and disclaimer information</a> for
important legal information.<p>If you choose to use this program example,
change it to suit your specific needs. For security reasons, IBM<sup>®</sup> recommends
that you individualize these program examples rather than using the default
values provided.</p>
</div>
</div>
<div class="example"> <pre>/*---------------------------------------------------------------*/
/* Generate PKA keys in key store. */
/* */
/* COPYRIGHT 5769-SS1 (c) IBM Corp 1999 */
/* */
/* This material contains programming source code for your */
/* consideration. These examples have not been thoroughly */
/* tested under all conditions. IBM, therefore, cannot */
/* guarantee or imply reliability, serviceability, or function */
/* of these programs. All programs contained herein are */
/* provided to you "AS IS". THE IMPLIED WARRANTIES OF */
/* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */
/* EXPRESSLY DISCLAIMED. IBM provides no program services for */
/* these programs and files. */
/* */
/* Parameters: */
/* char * key label, 1 to 64 characters */
/* */
/* Examples: */
/* CALL PGM(PKAKEYGEN) PARM('TEST.LABEL.1') */
/* */
/* Note: This program assumes the card you want to load is */
/* already identifed either by defaulting to the CRP01 */
/* device or has been explicitly named using the */
/* Cryptographic_Resource_Allocate verb. Also this */
/* device must be varied on and you must be authorized */
/* to use this device descrption. */
/* */
/* This program also assumes the key store file you will */
/* use is already identifed either by being specified on */
/* the cryptographic device or has been explicitly named */
/* using the Key_Store_Designate verb. Also you must be */
/* authorized to add and update records in this file. */
/* */
/* Use the following commands to compile this program: */
/* ADDLIBLE LIB(QCCA) */
/* CRTCMOD MODULE(PKAKEYGEN) SRCFILE(SAMPLE) */
/* CRTPGM PGM(PKAKEYGEN) MODULE(PKAKEYGEN) + */
/* BNDSRVPGM(QCCA/CSNDKRC QCCA/CSNDPKG) */
/* */
/* Note: authority to the CSNDKRC and CSNDPKG service programs */
/* in the QCCA library is assumed. */
/* */
/* Common Cryptographic Architecture (CCA) verbs used: */
/* PKA_Key_Record_Create (CSNDKRC) */
/* PKA_Key_Generate (CSNDPKG) */
/* */
/*---------------------------------------------------------------*/
#include &lt;stdlib.h&gt;
#include &lt;stdio.h&gt;
#include &lt;string.h&gt;
#include "csucincl.h" /* header file for CCA Cryptographic
Service Provider */
int main(int argc, char *argv[])
{
/*-------------------------------------------------------------------*/
/* standard return codes */
/*-------------------------------------------------------------------*/
#define ERROR -1
#define OK 0
/*-------------------------------------------------------------------*/
/* standard CCA parameters */
/*-------------------------------------------------------------------*/
long return_code;
long reason_code;
long exit_data_length;
char exit_data[2];
char rule_array[4][8];
long rule_array_count;
/*-------------------------------------------------------------------*/
/* fields unique to this sample program */
/*-------------------------------------------------------------------*/
char key_label[64]; /* identify record in key store to
hold generated key */
#pragma pack (1)
typedef struct rsa_key_token_header_section {
char token_identifier;
char version;
short key_token_struct_length;
char reserved_1[4];
} rsa_key_token_header_section;
typedef struct rsa_private_key_1024_bit_section {
char section_identifier;
char version;
short section_length;
char hash_of_private_key[20];
short reserved_1;
short master_key_verification_pattern;
char key_format_and_security;
char reserved_2;
char hash_of_key_name[20];
char key_usage_flag;
char rest_of_private_key[312];
} rsa_private_key_1024_bit_section;
typedef struct rsa_public_key_section {
char section_identifer;
char version;
short section_length;
short reserved_1;
short exponent_field_length;
short modulus_length;
short modulus_length_in_bytes;
char exponent;
} rsa_public_key_section;
struct {
rsa_key_token_header_section rsa_header;
rsa_private_key_1024_bit_section rsa_private_key;
rsa_public_key_section rsa_public_key;
} key_token;
struct {
short modlen;
short modlenfld;
short pubexplen;
short prvexplen;
long pubexp;
} prvPubl;
#pragma pack ()
long key_struct_length;
long zero = 0;
long key_token_length;
long regen_data_length;
long generated_key_id_length;
/*-------------------------------------------------------------------*/
/* Create record in key store */
/*-------------------------------------------------------------------*/
rule_array_count = 0;
key_token_length = 0;
memset(key_label, ' ', 64);
memcpy(key_label, argv[1], strlen(argv[1]));
CSNDKRC(&amp;return_code,
&amp;reason_code,
&amp;exit_data_length,
exit_data,
&amp;rule_array_count,
"\0", /* rule_array */
key_label,
&amp;key_token_length,
"\0"); /* key token */
if (return_code != 0)
{
printf("Record could not be added to key store for reason %d/%d\n\n",
return_code, reason_code);
return ERROR;
}
else
{
printf("Record added to key store\n");
printf("SAPI returned %ld/%ld\n", return_code, reason_code);
}
/*-------------------------------------------------------------------*/
/* Build a key token, needed to generate PKA key */
/*-------------------------------------------------------------------*/
memset(&amp;key_token, 0X00, sizeof(key_token));
key_token.rsa_header.token_identifier = 0X1E; /* external token */
key_token.rsa_header.key_token_struct_length = sizeof(key_token);
key_token.rsa_private_key.section_identifier =
0X02; /* RSA private key */
key_token.rsa_private_key.section_length =
sizeof(rsa_private_key_1024_bit_section);
key_token.rsa_private_key.key_usage_flag = 0X80;
key_token.rsa_public_key.section_identifer = 0X04; /* RSA public key */
key_token.rsa_public_key.section_length =
sizeof(rsa_public_key_section);
key_token.rsa_public_key.exponent_field_length = 1;
key_token.rsa_public_key.modulus_length = 512;
key_token.rsa_public_key.exponent = 0x03;
key_token_length = sizeof(key_token);
printf("Key token built\n");
/*-------------------------------------------------------------------*/
/* Generate a key */
/*-------------------------------------------------------------------*/
rule_array_count = 1;
regen_data_length = 0;
/* key_token_length = 64; */
generated_key_id_length = 2500;
CSNDPKG(&amp;return_code,
&amp;reason_code,
&amp;exit_data_length,
exit_data,
&amp;rule_array_count,
"MASTER ", /* rule_array */
&amp;regen_data_length,
"\0", /* regeneration_data, none needed */
&amp;key_token_length, /* skeleton_key_token_length */
(char *)&amp;key_token, /* skeleton_key_token built above */
"\0", /* transport_id, only needed for
XPORT keys */
&amp;generated_key_id_length,
key_label); /* generated_key_id, store generated
key in key store */
if (return_code != 0)
{
printf("Key generation failed for reason %d/%d\n\n",
return_code, reason_code);
return ERROR;
}
else
{
printf("Key generated and stored in key store\n");
printf("SAPI returned %ld/%ld\n\n", return_code, reason_code);
return OK;
}
}</pre>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajccreatekeys.htm" title="You can create DES and PKA keys and store them in a DES key store.">Create DES and PKA keys</a></div>
</div>
</div>
</body>
</html>