<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Example: Creating a PKA key with your Cryptographic Coprocessor" />
<meta name="abstract" content="Change this program example to suit your needs for creating a PKA key with your Cryptographic Coprocessor" />
<meta name="description" content="Change this program example to suit your needs for creating a PKA key with your Cryptographic Coprocessor" />
<meta name="DC.Relation" scheme="URI" content="rzajccreatekeys.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="pkakeygentxt" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Example: Creating a PKA key with your Cryptographic Coprocessor</title>
</head>
<body id="pkakeygentxt"><a name="pkakeygentxt"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Example: Creating a PKA key with your Cryptographic Coprocessor</h1>
<div><p>Change this program example to suit your needs for creating a PKA
key with your Cryptographic Coprocessor</p>
<div class="section"><div class="note"><span class="notetitle">Note:</span> Read the <a href="codedisclaimer.htm#codedisclaimer">Code license and disclaimer information</a> for
important legal information.<p>If you choose to use this program example,
change it to suit your specific needs. For security reasons, IBM<sup>®</sup> recommends
that you individualize these program examples rather than using the default
values provided.</p>
</div>
</div>
<div class="example"> <pre>/*---------------------------------------------------------------*/
/* Generate PKA keys in key store.                               */
/*                                                               */
/*  COPYRIGHT      5769-SS1 (c) IBM Corp 1999              */
/*                                                               */
/*  This material contains programming source code for your      */
/*  consideration.  These examples have not been thoroughly      */
/*  tested under all conditions.  IBM, therefore, cannot         */
/*  guarantee or imply reliability, serviceability, or function  */
/*  of these programs.  All programs contained herein are        */
/*  provided to you "AS IS". THE IMPLIED WARRANTIES OF           */
/*  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE     */
/*  EXPRESSLY DISCLAIMED. IBM provides no program services for   */
/*  these programs and files.                                    */
/*                                                               */
/* Parameters:                                                   */
/*  char * key label,  1 to 64 characters                        */
/*                                                               */
/* Examples:                                                     */
/*   CALL PGM(PKAKEYGEN) PARM('TEST.LABEL.1')                    */
/*                                                               */
/* Note: This program assumes the card you want to load is       */
/*       already identifed either by defaulting to the CRP01     */
/*       device or has been explicitly named using the           */
/*       Cryptographic_Resource_Allocate verb. Also this         */
/*       device must be varied on and you must be authorized     */
/*       to use this device descrption.                          */
/*                                                               */
/*       This program also assumes the key store file you will   */
/*       use is already identifed either by being specified on   */
/*       the cryptographic device or has been explicitly named   */
/*       using the Key_Store_Designate verb. Also you must be    */
/*       authorized to add and update records in this file.      */
/*                                                               */
/* Use the following commands to compile this program:           */
/* ADDLIBLE LIB(QCCA)                                            */
/* CRTCMOD MODULE(PKAKEYGEN) SRCFILE(SAMPLE)                     */
/* CRTPGM  PGM(PKAKEYGEN) MODULE(PKAKEYGEN)  +                   */
/*         BNDSRVPGM(QCCA/CSNDKRC QCCA/CSNDPKG)                  */
/*                                                               */
/* Note: authority to the CSNDKRC and CSNDPKG service programs   */
/*       in the QCCA library is assumed.                         */
/*                                                               */
/* Common Cryptographic Architecture (CCA) verbs used:           */
/*   PKA_Key_Record_Create (CSNDKRC)                             */
/*   PKA_Key_Generate (CSNDPKG)                                  */
/*                                                               */
/*---------------------------------------------------------------*/

#include &lt;stdlib.h&gt;
#include &lt;stdio.h&gt;
#include &lt;string.h&gt;
#include "csucincl.h"            /* header file for CCA Cryptographic
                                    Service Provider                 */

int main(int argc, char *argv[])
 {

/*-------------------------------------------------------------------*/
/* standard return codes                                             */
/*-------------------------------------------------------------------*/

#define ERROR -1
#define OK     0

/*-------------------------------------------------------------------*/
/* standard CCA parameters                                           */
/*-------------------------------------------------------------------*/

  long return_code;
  long reason_code;
  long exit_data_length;
  char exit_data[2];
  char rule_array[4][8];
  long rule_array_count;

/*-------------------------------------------------------------------*/
/* fields unique to this sample program                              */
/*-------------------------------------------------------------------*/

  char key_label[64];            /* identify record in key store to
				    hold generated key								               */
  #pragma pack (1)

  typedef struct rsa_key_token_header_section {
      char token_identifier;
      char version;
      short key_token_struct_length;
      char reserved_1[4];
  } rsa_key_token_header_section;

  typedef struct rsa_private_key_1024_bit_section {
      char  section_identifier;
      char  version;
      short section_length;
      char  hash_of_private_key[20];
      short reserved_1;
      short master_key_verification_pattern;
      char  key_format_and_security;
      char  reserved_2;
      char  hash_of_key_name[20];
      char  key_usage_flag;
      char  rest_of_private_key[312];
  } rsa_private_key_1024_bit_section;

  typedef struct rsa_public_key_section {
      char  section_identifer;
      char  version;
      short section_length;
      short reserved_1;
      short exponent_field_length;
      short modulus_length;
      short modulus_length_in_bytes;
      char  exponent;
  } rsa_public_key_section;    
        
  struct {
      rsa_key_token_header_section      rsa_header;
      rsa_private_key_1024_bit_section  rsa_private_key;
      rsa_public_key_section            rsa_public_key;
  } key_token;


  struct {
      short modlen;
      short modlenfld;
      short pubexplen;
      short prvexplen;
      long  pubexp;
  } prvPubl;

#pragma pack ()

  long key_struct_length;
  long zero = 0;
  long key_token_length;
  
  long regen_data_length;
  long generated_key_id_length;
  
/*-------------------------------------------------------------------*/
/* Create record in key store                                        */
/*-------------------------------------------------------------------*/
  rule_array_count = 0;
  key_token_length = 0;
  memset(key_label, ' ', 64);
  memcpy(key_label, argv[1], strlen(argv[1]));

  CSNDKRC(&amp;return_code,
	  &amp;reason_code,
	  &amp;exit_data_length,
	  exit_data,
	  &amp;rule_array_count,
	  "\0",                 /* rule_array                       */
	  key_label,
	  &amp;key_token_length,
	  "\0");                /* key token                        */

  if (return_code != 0)
  {
      printf("Record could not be added to key store for reason %d/%d\n\n",
	     return_code, reason_code);
      return ERROR;
  }
  else
  {
      printf("Record added to key store\n");
      printf("SAPI returned %ld/%ld\n", return_code, reason_code);
  }

/*-------------------------------------------------------------------*/
/* Build a key token, needed to generate PKA key                     */
/*-------------------------------------------------------------------*/
  memset(&amp;key_token, 0X00, sizeof(key_token));

  key_token.rsa_header.token_identifier = 0X1E; /* external token   */
  key_token.rsa_header.key_token_struct_length = sizeof(key_token);

  key_token.rsa_private_key.section_identifier =
      0X02;                                     /* RSA private key  */
  key_token.rsa_private_key.section_length =
         sizeof(rsa_private_key_1024_bit_section);
  key_token.rsa_private_key.key_usage_flag = 0X80;

  key_token.rsa_public_key.section_identifer = 0X04; /* RSA public key   */
  key_token.rsa_public_key.section_length =
      sizeof(rsa_public_key_section);
  key_token.rsa_public_key.exponent_field_length = 1;
  key_token.rsa_public_key.modulus_length = 512;
  key_token.rsa_public_key.exponent = 0x03;

  key_token_length = sizeof(key_token);

  printf("Key token built\n");
  
/*-------------------------------------------------------------------*/
/* Generate a key                                                    */
/*-------------------------------------------------------------------*/

  rule_array_count = 1;
  regen_data_length = 0;
 /*  key_token_length = 64; */
  generated_key_id_length = 2500;

  CSNDPKG(&amp;return_code,
	  &amp;reason_code,
	  &amp;exit_data_length,
	  exit_data,
	  &amp;rule_array_count,
	  "MASTER  ",            /* rule_array                      */
	  &amp;regen_data_length,
	  "\0",                  /* regeneration_data, none needed  */
	  &amp;key_token_length,     /* skeleton_key_token_length       */
	  (char *)&amp;key_token,    /* skeleton_key_token built above  */
	  "\0",                  /* transport_id, only needed for
				    						XPORT keys                      */
	  &amp;generated_key_id_length,
	  key_label);            /* generated_key_id, store generated
				    						key in key store                */

  if (return_code != 0)
  {
      printf("Key generation failed for reason %d/%d\n\n",
	     return_code, reason_code);
      return ERROR;
  }
  else
  {
      printf("Key generated and stored in key store\n");
      printf("SAPI returned %ld/%ld\n\n", return_code, reason_code);
      return OK;
  }
}</pre>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajccreatekeys.htm" title="You can create DES and PKA keys and store them in a DES key store.">Create DES and PKA keys</a></div>
</div>
</div>
</body>
</html>