<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html lang="en-us" xml:lang="en-us"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="security" content="public" /> <meta name="Robots" content="index,follow" /> <meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' /> <meta name="DC.Type" content="reference" /> <meta name="DC.Title" content="Example: Creating a PKA key with your Cryptographic Coprocessor" /> <meta name="abstract" content="Change this program example to suit your needs for creating a PKA key with your Cryptographic Coprocessor" /> <meta name="description" content="Change this program example to suit your needs for creating a PKA key with your Cryptographic Coprocessor" /> <meta name="DC.Relation" scheme="URI" content="rzajccreatekeys.htm" /> <meta name="copyright" content="(C) Copyright IBM Corporation 2006" /> <meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" /> <meta name="DC.Format" content="XHTML" /> <meta name="DC.Identifier" content="pkakeygentxt" /> <meta name="DC.Language" content="en-us" /> <!-- All rights reserved. Licensed Materials Property of IBM --> <!-- US Government Users Restricted Rights --> <!-- Use, duplication or disclosure restricted by --> <!-- GSA ADP Schedule Contract with IBM Corp. --> <link rel="stylesheet" type="text/css" href="./ibmdita.css" /> <link rel="stylesheet" type="text/css" href="./ic.css" /> <title>Example: Creating a PKA key with your Cryptographic Coprocessor</title> </head> <body id="pkakeygentxt"><a name="pkakeygentxt"><!-- --></a> <!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script> <h1 class="topictitle1">Example: Creating a PKA key with your Cryptographic Coprocessor</h1> <div><p>Change this program example to suit your needs for creating a PKA key with your Cryptographic Coprocessor</p> <div class="section"><div class="note"><span class="notetitle">Note:</span> Read the <a href="codedisclaimer.htm#codedisclaimer">Code license and disclaimer information</a> for important legal information.<p>If you choose to use this program example, change it to suit your specific needs. For security reasons, IBM<sup>®</sup> recommends that you individualize these program examples rather than using the default values provided.</p> </div> </div> <div class="example"> <pre>/*---------------------------------------------------------------*/ /* Generate PKA keys in key store. */ /* */ /* COPYRIGHT 5769-SS1 (c) IBM Corp 1999 */ /* */ /* This material contains programming source code for your */ /* consideration. These examples have not been thoroughly */ /* tested under all conditions. IBM, therefore, cannot */ /* guarantee or imply reliability, serviceability, or function */ /* of these programs. All programs contained herein are */ /* provided to you "AS IS". THE IMPLIED WARRANTIES OF */ /* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */ /* EXPRESSLY DISCLAIMED. IBM provides no program services for */ /* these programs and files. */ /* */ /* Parameters: */ /* char * key label, 1 to 64 characters */ /* */ /* Examples: */ /* CALL PGM(PKAKEYGEN) PARM('TEST.LABEL.1') */ /* */ /* Note: This program assumes the card you want to load is */ /* already identifed either by defaulting to the CRP01 */ /* device or has been explicitly named using the */ /* Cryptographic_Resource_Allocate verb. Also this */ /* device must be varied on and you must be authorized */ /* to use this device descrption. */ /* */ /* This program also assumes the key store file you will */ /* use is already identifed either by being specified on */ /* the cryptographic device or has been explicitly named */ /* using the Key_Store_Designate verb. Also you must be */ /* authorized to add and update records in this file. */ /* */ /* Use the following commands to compile this program: */ /* ADDLIBLE LIB(QCCA) */ /* CRTCMOD MODULE(PKAKEYGEN) SRCFILE(SAMPLE) */ /* CRTPGM PGM(PKAKEYGEN) MODULE(PKAKEYGEN) + */ /* BNDSRVPGM(QCCA/CSNDKRC QCCA/CSNDPKG) */ /* */ /* Note: authority to the CSNDKRC and CSNDPKG service programs */ /* in the QCCA library is assumed. */ /* */ /* Common Cryptographic Architecture (CCA) verbs used: */ /* PKA_Key_Record_Create (CSNDKRC) */ /* PKA_Key_Generate (CSNDPKG) */ /* */ /*---------------------------------------------------------------*/ #include <stdlib.h> #include <stdio.h> #include <string.h> #include "csucincl.h" /* header file for CCA Cryptographic Service Provider */ int main(int argc, char *argv[]) { /*-------------------------------------------------------------------*/ /* standard return codes */ /*-------------------------------------------------------------------*/ #define ERROR -1 #define OK 0 /*-------------------------------------------------------------------*/ /* standard CCA parameters */ /*-------------------------------------------------------------------*/ long return_code; long reason_code; long exit_data_length; char exit_data[2]; char rule_array[4][8]; long rule_array_count; /*-------------------------------------------------------------------*/ /* fields unique to this sample program */ /*-------------------------------------------------------------------*/ char key_label[64]; /* identify record in key store to hold generated key */ #pragma pack (1) typedef struct rsa_key_token_header_section { char token_identifier; char version; short key_token_struct_length; char reserved_1[4]; } rsa_key_token_header_section; typedef struct rsa_private_key_1024_bit_section { char section_identifier; char version; short section_length; char hash_of_private_key[20]; short reserved_1; short master_key_verification_pattern; char key_format_and_security; char reserved_2; char hash_of_key_name[20]; char key_usage_flag; char rest_of_private_key[312]; } rsa_private_key_1024_bit_section; typedef struct rsa_public_key_section { char section_identifer; char version; short section_length; short reserved_1; short exponent_field_length; short modulus_length; short modulus_length_in_bytes; char exponent; } rsa_public_key_section; struct { rsa_key_token_header_section rsa_header; rsa_private_key_1024_bit_section rsa_private_key; rsa_public_key_section rsa_public_key; } key_token; struct { short modlen; short modlenfld; short pubexplen; short prvexplen; long pubexp; } prvPubl; #pragma pack () long key_struct_length; long zero = 0; long key_token_length; long regen_data_length; long generated_key_id_length; /*-------------------------------------------------------------------*/ /* Create record in key store */ /*-------------------------------------------------------------------*/ rule_array_count = 0; key_token_length = 0; memset(key_label, ' ', 64); memcpy(key_label, argv[1], strlen(argv[1])); CSNDKRC(&return_code, &reason_code, &exit_data_length, exit_data, &rule_array_count, "\0", /* rule_array */ key_label, &key_token_length, "\0"); /* key token */ if (return_code != 0) { printf("Record could not be added to key store for reason %d/%d\n\n", return_code, reason_code); return ERROR; } else { printf("Record added to key store\n"); printf("SAPI returned %ld/%ld\n", return_code, reason_code); } /*-------------------------------------------------------------------*/ /* Build a key token, needed to generate PKA key */ /*-------------------------------------------------------------------*/ memset(&key_token, 0X00, sizeof(key_token)); key_token.rsa_header.token_identifier = 0X1E; /* external token */ key_token.rsa_header.key_token_struct_length = sizeof(key_token); key_token.rsa_private_key.section_identifier = 0X02; /* RSA private key */ key_token.rsa_private_key.section_length = sizeof(rsa_private_key_1024_bit_section); key_token.rsa_private_key.key_usage_flag = 0X80; key_token.rsa_public_key.section_identifer = 0X04; /* RSA public key */ key_token.rsa_public_key.section_length = sizeof(rsa_public_key_section); key_token.rsa_public_key.exponent_field_length = 1; key_token.rsa_public_key.modulus_length = 512; key_token.rsa_public_key.exponent = 0x03; key_token_length = sizeof(key_token); printf("Key token built\n"); /*-------------------------------------------------------------------*/ /* Generate a key */ /*-------------------------------------------------------------------*/ rule_array_count = 1; regen_data_length = 0; /* key_token_length = 64; */ generated_key_id_length = 2500; CSNDPKG(&return_code, &reason_code, &exit_data_length, exit_data, &rule_array_count, "MASTER ", /* rule_array */ &regen_data_length, "\0", /* regeneration_data, none needed */ &key_token_length, /* skeleton_key_token_length */ (char *)&key_token, /* skeleton_key_token built above */ "\0", /* transport_id, only needed for XPORT keys */ &generated_key_id_length, key_label); /* generated_key_id, store generated key in key store */ if (return_code != 0) { printf("Key generation failed for reason %d/%d\n\n", return_code, reason_code); return ERROR; } else { printf("Key generated and stored in key store\n"); printf("SAPI returned %ld/%ld\n\n", return_code, reason_code); return OK; } }</pre> </div> </div> <div> <div class="familylinks"> <div class="parentlink"><strong>Parent topic:</strong> <a href="rzajccreatekeys.htm" title="You can create DES and PKA keys and store them in a DES key store.">Create DES and PKA keys</a></div> </div> </div> </body> </html>