<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<!-- Begin Header Records -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Created for V5R3 by beth hagemeister 6/12/02 -->
<!-- Change history: -->
<!-- 031020 BILLINGS Review 3 updates -->
<!-- 040830 BILLINGS V5R4 changes -->
<!-- 050315 BILLINGS V5R4 message updates -->
<!-- end header records -->
<title>Generate PKA Key Pair (QC3GENPK, Qc3GenPKAKeyPair)</title>
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<a name="Top_Of_Page"></a>
<h2>Generate PKA Key Pair (QC3GENPK, Qc3GenPKAKeyPair)</h2>
<div class="box" style="width: 80%;">
<br>
&nbsp;&nbsp;Required Parameter Group:<br>
<!-- iddvc RMBR -->
<br>
<table width="100%">
<tr>
<td align="center" valign="top" width="10%">1
</td><td align="left" valign="top" width="60%">Key type
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Binary(4)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">2
</td><td align="left" valign="top" width="60%">Key size
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Binary(4)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">3
</td><td align="left" valign="top" width="60%">Public key exponent
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Binary(4)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">4
</td><td align="left" valign="top" width="60%">Key format
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Char(1)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">5
</td><td align="left" valign="top" width="60%">Key form
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Char(1)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">6
</td><td align="left" valign="top" width="60%">Key-encrypting key
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Char(*)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">7
</td><td align="left" valign="top" width="60%">Key-encrypting algorithm
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Char(8)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">8
</td><td align="left" valign="top" width="60%">Cryptographic service provider
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Char(1)
</td></tr><tr>
<td align="center" valign="top" width="10%">9
</td><td align="left" valign="top" width="60%">Cryptographic device name
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Char(10)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">10
</td><td align="left" valign="top" width="60%">Private key string
</td><td align="left" valign="top" width="15%">Output
</td><td align="left" valign="top" width="15%">Char(*)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">11
</td><td align="left" valign="top" width="60%">Length of area provided for private key string
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Binary(4)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">12
</td><td align="left" valign="top" width="60%">Length of private key string returned
</td><td align="left" valign="top" width="15%">Output
</td><td align="left" valign="top" width="15%">Binary(4)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">13
</td><td align="left" valign="top" width="60%">Public key string
</td><td align="left" valign="top" width="15%">Output
</td><td align="left" valign="top" width="15%">Char(*)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">14
</td><td align="left" valign="top" width="60%">Length of area provided for public key string
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Binary(4)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">15
</td><td align="left" valign="top" width="60%">Length of public key string returned
</td><td align="left" valign="top" width="15%">Output
</td><td align="left" valign="top" width="15%">Binary(4)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">16
</td><td align="left" valign="top" width="60%">Error code
</td><td align="left" valign="top" width="15%">I/O
</td><td align="left" valign="top" width="15%">Char(*)
</td></tr>
</table>
<br>
&nbsp;&nbsp;Service Program Name: QC3KEYGN<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<p>The Generate PKA Key Pair (OPM, QC3GENPK; ILE, Qc3GenPKAKeyPair) API generates a random PKA
key pair that can be used with the PKA cipher algorithm RSA.</p>
<p>Information on cryptographic standards can be found in the <a href=
"qc3crtax.htm">Create Algorithm Context (OPM, QC3CRTAX; ILE,
Qc3CreateAlgorithmContext)</a> API documentation.</p>
<br>
<h3>Authorities and Locks</h3>
<dl>
<dt><strong>Required device description authority</strong></dt>
<dd>*USE<br><br></dd>
</dl>
<br>
<h3>Required Parameter Group</h3>
<dl>
<dt><strong>Key type</strong></dt>
<dd>INPUT; BINARY(4)
<p>The type of key.</p>
Following are the valid values.
<table width="95%">
<tr>
<td align="left" valign="top" width="5%"><strong>50</strong></td>
<td align="left" valign="top" width="95%">RSA</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Key size</strong></dt>
<dd>INPUT; BINARY(4)
<p>The modulus length in bits.<br>
The key size must be an even number in the range 512 - 2048.</p>
</dd>
<dt><strong>Public key exponent</strong></dt>
<dd>INPUT; BINARY(4)
<p>To maximize performance, the public key exponent is limited to the following two values.</p>
<table width="95%">
<tr>
<td align="left" valign="top" width="8%"><strong>3</strong></td>
<td align="left" valign="top" width="92%">Or hex &nbsp; 00 00 00 03.</td>
</tr>
<tr>
<td align="left" valign="top" width="8%"><strong>65,537</strong></td>
<td align="left" valign="top" width="92%">Or hex &nbsp; 00 01 00 01.</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Key format</strong></dt>
<dd>INPUT; CHAR(1)
<p>The format in which to return the key.<br>
Following are the valid values.</p>
<table width="95%">
<tr>
<td align="left" valign="top" width="5%"><strong>1</strong></td>
<td align="left" valign="top" width="95%">BER string.
The private key is returned in BER encoded PKCS #8 format. For specifications of this format, refer to RSA Security Inc. Public-Key Cryptography Standards. The public key is returned in BER encoded X.509 SubjectPublicKeyInfo format. For specifications of this format, refer to RFC 3280.</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Key form</strong></dt>
<dd>INPUT; CHAR(1)
<p>The form in which to return the private key string.</p>
<table width="95%">
<tr>
<td align="left" valign="top" width="5%"><strong>0</strong></td>
<td align="left" valign="top" width="95%">Clear.<br>
The key string is returned in the clear.</td>
</tr>
<tr>
<td align="left" valign="top"><strong>1</strong></td>
<td align="left" valign="top">Encrypted.<br>
The private key string is returned encrypted
<img src="delta.gif" alt="Start of change">
with a key-encrypting key.
Tokens are specified in the key-encrypting key and key-encrypting algorithm
parameters and used to encrypt the private key string before returning it.
<img src="deltaend.gif" alt="End of change">
</td>
</tr>
<tr><td><img src="delta.gif" alt="Start of change"></td></tr>
<tr>
<td align="left" valign="top" width="5%"><strong>2</strong></td>
<td align="left" valign="top" width="95%">Encrypted with a master key<br>
The private key string is returned encrypted with a master key.
The master key is specified in the key-encrypting key parameter.
</td>
</tr>
<tr><td><img src="deltaend.gif" alt="End of change"></td></tr>
</table>
<br>
</dd>
<dt><img src="delta.gif" alt="Start of change"></dt>
<dt><strong>Key-encrypting key</strong></dt>
<dd>INPUT; CHAR(*)
<p>For key form 0 (clear), this parameter must be set to blanks or the pointer
to this parameter set to NULL.</p>
<p>For key form 1 (encrypted), this parameter specifies the key context token
to use to encrypt the private key string.</p>
<p>For key form 2 (encrypted with a master key), this parameter has the
following structure:</p>
<table border width="70%">
<tr>
<th align="center" valign="bottom" colspan="2">Offset</th>
<th align="left" valign="bottom" rowspan="2">Type</th>
<th align="left" valign="bottom" rowspan="2">Field</th>
</tr>
<tr>
<th align="center" valign="bottom">Dec</th>
<th align="center" valign="bottom">Hex</th>
</tr>
<tr>
<td align="center" valign="top" width="9%">0</td>
<td align="center" valign="top" width="9%">0</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="63%">Master key ID</td>
</tr>
<tr>
<td align="center" valign="top" width="9%">4</td>
<td align="center" valign="top" width="9%">4</td>
<td align="left" valign="top" width="19%">CHAR(4)</td>
<td align="left" valign="top" width="63%">Reserved</td>
</tr>
<tr>
<td align="center" valign="top" width="9%">8</td>
<td align="center" valign="top" width="9%">8</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="63%">Disallowed function</td>
</tr>
<tr>
<td align="center" valign="top" width="9%">12</td>
<td align="center" valign="top" width="9%">C</td>
<td align="left" valign="top" width="19%">CHAR(20)</td>
<td align="left" valign="top" width="63%">Master key KVV</td>
</tr>
</table>
<br><br>
<dl>
<dt><strong>Master key ID</strong></dt>
<dd>The master key IDs are:
<table width="95%">
<tr>
<td align="left" valign="top" width="15%"><strong>1</strong></td>
<td align="left" valign="top">Master key 1</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>2</strong></td>
<td align="left" valign="top">Master key 2</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>3</strong></td>
<td align="left" valign="top">Master key 3</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>4</strong></td>
<td align="left" valign="top">Master key 4</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>5</strong></td>
<td align="left" valign="top">Master key 5</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>6</strong></td>
<td align="left" valign="top">Master key 6</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>7</strong></td>
<td align="left" valign="top">Master key 7</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>8</strong></td>
<td align="left" valign="top">Master key 8</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Reserved</strong></dt>
<dd>Must be null (binary 0s).
<br><br>
</dd>
<dt><strong>Disallowed function</strong></dt>
<dd>INPUT; BINARY(4)
<p>This parameter specifies the functions that cannot be used with this key.
The values listed below can be added together to disallow multiple functions.
For example, to disallow everything but encryption, set the value
to 14. This value should be saved along with the encrypted private key
string because it will be required when the encrypted private key string
is used on an API.</p>
<table width="95%">
<tr>
<td align="left" valign="top" width="10%"><strong>0</strong></td>
<td align="left" valign="top" width="85%">No functions are disallowed.</td>
</tr>
<tr>
<td align="left" valign="top"><strong>1</strong></td>
<td align="left" valign="top">Encryption is disallowed.</td>
</tr>
<tr>
<td align="left" valign="top"><strong>2</strong></td>
<td align="left" valign="top">Decryption is disallowed.</td>
</tr>
<tr>
<td align="left" valign="top"><strong>4</strong></td>
<td align="left" valign="top">MACing is disallowed.</td>
</tr>
<tr>
<td align="left" valign="top"><strong>8</strong></td>
<td align="left" valign="top">Signing is disallowed.</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Master key KVV</strong></dt>
<dd>The key verification value of the master key that was used to encrypt
the key is returned in this field. This value should be saved along with the
encrypted key value. When the encrypted key value is used on an API and the KVV
is supplied, the API will be able to determine which version of the master key
should be used to decrypt the key. This field must be null (binary 0s)
on input.<br>
<br>
</dd>
</dl>
</dd>
<dt><strong>Key-encrypting algorithm</strong></dt>
<dd>INPUT; CHAR(8)
<p>For key form 0 (clear) and 2 (encrypted with a master key), this parameter
must be set to blanks or the pointer to this parameter set to NULL.</p>
<p>For key form 1 (encrypted), this parameter specifies the algorithm context
token to use for encrypting the private key string.
</p>
</dd>
<dt><img src="deltaend.gif" alt="End of change"><br><br></dt>
<dt><strong>Cryptographic service provider</strong></dt>
<dd>INPUT; CHAR(1)
<p>The cryptographic service provider (CSP) that will perform the key generate operation.</p>
<table width="95%">
<tr>
<td align="left" valign="top" width="5%"><strong>1</strong></td>
<td align="left" valign="top" width="95%">Software CSP.<br>
The system will perform the PKA key pair generation using software.</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Cryptographic device name</strong></dt>
<dd>INPUT; CHAR(10)
<p>This parameter must be set to blanks or the pointer to this parameter set to NULL.</p>
</dd>
<dt><strong>Private key string</strong></dt>
<dd>OUTPUT; CHAR(*)
<p>The area to store the generated private key string or the pointer to this parameter set to NULL.</p>
</dd>
<dt><strong>Length of area provided for the private key string</strong></dt>
<dd>INPUT; BINARY(4)
<p>The length of the private key string parameter. At most, the generated private key string will be 1504 bytes.</p>
</dd>
<dt><strong>Length of private key string returned</strong></dt>
<dd>OUTPUT; BINARY(4)
<p>The length of the generated private key string returned in the private key string parameter.<br>
If the length of area provided is too small, an error will be generated and no data will be returned in the private key string parameter.</p>
</dd>
<dt><strong>Public key string</strong></dt>
<dd>OUTPUT; CHAR(*)
<p>The area to store the public key string.</p>
</dd>
<dt><strong>Length of area provided for the public key string</strong></dt>
<dd>INPUT; BINARY(4)
<p>The length of the public key string parameter. At most, the public key string will be 512 bytes.</p>
</dd>
<dt><strong>Length of public key string returned</strong></dt>
<dd>OUTPUT; BINARY(4)
<p>The length of the public key string returned in the public key string parameter.<br>
If the length of area provided is too small, an error will be generated and no data will be returned in the public key string parameter.</p>
</dd>
<dt><strong>Error code</strong></dt>
<dd>I/O; CHAR(*)
<p>The structure in which to return error information.<br>
For the format of the structure, see <a href="../apiref/error.htm#hdrerrcod">Error Code Parameter</a>. </p></dd>
</dl>
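<p>Added example (not IBM code, and not part of the original page): a portable C sketch that pre-checks the input rules stated above and lays out the 32-byte key-encrypting key structure for key form 2, storing BINARY(4) fields big-endian as in the exponent's hex rendering. All function and constant names are hypothetical, each check returns the message ID whose text under Error Messages matches the rule, and sizing both output areas to the documented maximums is this example's choice rather than an API requirement.</p>

```c
/* Added example with hypothetical names; not IBM's headers or code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEK_MK_LEN   32    /* 4 + 4 + 4 + 20 bytes, from the offset table */
#define KVV_LEN      20
#define MAX_PRIV_LEN 1504  /* documented maximum private key string */
#define MAX_PUB_LEN  512   /* documented maximum public key string */
enum { DIS_ENCRYPT = 1, DIS_DECRYPT = 2, DIS_MAC = 4, DIS_SIGN = 8 };

/* BINARY(4) stored big-endian: 65,537 is hex 00 01 00 01 on the page. */
static void put_bin4(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static uint32_t get_bin4(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* NULL when the inputs satisfy the page's rules, else a message ID. */
const char *check_genpk_inputs(int32_t key_type, int32_t key_size,
        int32_t exponent, int32_t priv_area, int32_t pub_area) {
    if (key_type != 50) return "CPF9DE7";                 /* only RSA */
    if (key_size < 512 || key_size > 2048 || key_size % 2) return "CPF9DEA";
    if (exponent != 3 && exponent != 65537) return "CPF9DEB";
    /* Conservative: require room for the largest key the page documents. */
    if (priv_area < MAX_PRIV_LEN || pub_area < MAX_PUB_LEN) return "CPF9DD6";
    return NULL;
}

/* Fill the key form 2 structure as it must look on input. */
const char *build_master_kek(uint8_t out[KEK_MK_LEN], int32_t master_key_id,
                             int32_t disallowed) {
    if (master_key_id < 1 || master_key_id > 8) return "CPF9DAD";
    if (disallowed < 0 || disallowed > 15) return "CPF9DAC"; /* sums of 1,2,4,8 */
    memset(out, 0, KEK_MK_LEN);   /* Reserved and KVV are binary 0s on input */
    put_bin4(out + 0, (uint32_t)master_key_id);
    put_bin4(out + 8, (uint32_t)disallowed);
    return NULL;
}

/* After the API returns: pull out the two values the page says to store
   with the encrypted private key string. */
void read_saved_fields(const uint8_t kek[KEK_MK_LEN], uint32_t *disallowed,
                       uint8_t kvv[KVV_LEN]) {
    *disallowed = get_bin4(kek + 8);
    memcpy(kvv, kek + 12, KVV_LEN);
}

int main(void) {
    uint8_t kek[KEK_MK_LEN] = {0};
    /* Disallow everything but encryption: 2 + 4 + 8 = 14, as in the text. */
    const char *err = build_master_kek(kek, 3, DIS_DECRYPT | DIS_MAC | DIS_SIGN);
    if (!err) err = check_genpk_inputs(50, 2048, 65537, MAX_PRIV_LEN, MAX_PUB_LEN);
    printf("%s\n", err ? err : "inputs OK");
    for (int i = 0; i < KEK_MK_LEN; i++) printf("%02X", kek[i]);
    printf("\n");
    return err != NULL;
}
```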
<br>
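<p>Added example (not IBM code, and not part of the original page): a C check that walks the SubjectPublicKeyInfo encoding named under Key format and confirms that a returned public key string carries the modulus length and public exponent that were requested. Function names are hypothetical, the sample key bytes are constructed filler rather than a real key, and only definite-length encodings are accepted.</p>

```c
/* Added example, hypothetical names; indefinite BER lengths are rejected. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { const uint8_t *p, *end; } cur_t;
/* OID rsaEncryption (1.2.840.113549.1.1.1) with its tag and length. */
static const uint8_t RSA_OID[11] =
    {0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01};

/* Consume one tag and length; the cursor ends on the content bytes. */
static int tlv(cur_t *c, uint8_t tag, size_t *len) {
    if (c->end - c->p < 2 || *c->p++ != tag) return -1;
    size_t n = *c->p++;
    if (n & 0x80) {                      /* long form: 1 or 2 length bytes */
        size_t k = n & 0x7F;
        if (k == 0 || k > 2 || (size_t)(c->end - c->p) < k) return -1;
        for (n = 0; k; k--) n = (n << 8) | *c->p++;
    }
    if ((size_t)(c->end - c->p) < n) return -1;
    *len = n;
    return 0;
}

/* 0: key matches the request; 1: well-formed but different size or
   exponent; -1: not a parsable RSA SubjectPublicKeyInfo. */
int check_returned_pubkey(const uint8_t *der, size_t der_len,
                          uint32_t key_size, uint32_t exponent) {
    cur_t c = { der, der + der_len };
    size_t n;
    if (tlv(&c, 0x30, &n)) return -1;                /* SubjectPublicKeyInfo */
    c.end = c.p + n;
    if (tlv(&c, 0x30, &n) || n < sizeof RSA_OID ||   /* AlgorithmIdentifier */
        memcmp(c.p, RSA_OID, sizeof RSA_OID)) return -1;
    c.p += n;
    if (tlv(&c, 0x03, &n) || n < 1 || *c.p++ != 0) return -1; /* BIT STRING */
    if (tlv(&c, 0x30, &n)) return -1;                /* RSAPublicKey */
    if (tlv(&c, 0x02, &n) || n == 0) return -1;      /* modulus */
    const uint8_t *m = c.p;
    c.p += n;
    while (n > 1 && *m == 0) { m++; n--; }           /* drop sign padding */
    uint32_t bits = (uint32_t)n * 8, e = 0;
    for (uint8_t t = *m; bits && !(t & 0x80); t = (uint8_t)(t << 1)) bits--;
    if (tlv(&c, 0x02, &n) || n == 0 || n > 4) return -1; /* publicExponent */
    while (n--) e = (e << 8) | *c.p++;
    return (bits == key_size && e == exponent) ? 0 : 1;
}

/* Constructed sample: 512-bit filler modulus (not a real key), e = 65537. */
size_t make_sample_spki(uint8_t buf[94]) {
    static const uint8_t head[25] = {0x30,0x5C,0x30,0x0D,0x06,0x09,0x2A,0x86,
        0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x4B,0x00,
        0x30,0x48,0x02,0x41,0x00};
    static const uint8_t tail[5] = {0x02,0x03,0x01,0x00,0x01};
    memcpy(buf, head, 25); memset(buf + 25, 0xC3, 64); memcpy(buf + 89, tail, 5);
    return 94;
}

int main(void) {
    uint8_t spki[94];
    size_t len = make_sample_spki(spki);
    printf("match=%d\n", check_returned_pubkey(spki, len, 512, 65537));
    return 0;
}
```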
<h3><a name="header_9">Error Messages</a></h3>
<table width="100%">
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>
<tr>
<td valign="top" width="15%">CPF24B4 E</td>
<td valign="top" width="85%">Severe error while addressing parameter list.</td>
</tr>
<tr>
<td valign="top">CPF3C1E E</td>
<td valign="top">Required parameter &amp;1 omitted.</td>
</tr>
<tr>
<td valign="top">CPF3CF1 E</td>
<td valign="top">Error code parameter not valid.</td>
</tr>
<tr>
<td align="left" valign="top">CPF3CF2 E</td>
<td align="left" valign="top">Error(s) occurred during running of &amp;1 API.</td>
</tr>
<tr>
<td valign="top">CPF9872 E</td>
<td valign="top">Program or service program &amp;1 in library &amp;2 ended. Reason code &amp;3.</td>
</tr>
<tr>
<td valign="top"><img src="delta.gif" alt="Start of change"></td>
</tr>
<tr>
<td valign="top">CPF9DAA D</td>
<td valign="top">A key requires translation.</td>
</tr>
<tr>
<td valign="top">CPF9DAB E</td>
<td valign="top">A key can not be decrypted.</td>
</tr>
<tr>
<td valign="top">CPF9DAC E</td>
<td valign="top">Disallowed function value not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DAD E</td>
<td valign="top">The master key ID is not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DAF E</td>
<td valign="top">Version &amp;2 of master key &amp;1 is not set.</td>
</tr>
<tr>
<td valign="top"><img src="deltaend.gif" alt="End of change"></td>
</tr>
<tr>
<td valign="top">CPF9DC2 E</td>
<td valign="top">Key-encrypting algorithm context not compatible with key-encrypting key context.</td>
</tr>
<tr>
<td valign="top">CPF9DC4 E</td>
<td valign="top">A key-encrypting algorithm context token does not reference a valid algorithm context.</td>
</tr>
<tr>
<td valign="top">CPF9DC5 E</td>
<td valign="top">A key-encrypting key context token does not reference a valid key context.</td>
</tr>
<tr>
<td valign="top">CPF9DC6 E</td>
<td valign="top">Algorithm not valid for encrypting or decrypting a key.</td>
</tr>
<tr>
<td valign="top">CPF9DD6 E</td>
<td valign="top">Length of area provided for output data is too small.</td>
</tr>
<tr>
<td valign="top">CPF9DD7 E</td>
<td valign="top">The key-encrypting key context for the specified key is not valid or was previously destroyed.</td>
</tr>
<tr>
<td valign="top">CPF9DD8 E</td>
<td valign="top">The key-encrypting algorithm context for the specified key is not valid or was previously destroyed.</td>
</tr>
<tr>
<td valign="top">CPF9DDA E</td>
<td valign="top">Unexpected return code &amp;1.</td>
</tr>
<tr>
<td valign="top">CPF9DDB E</td>
<td valign="top">The key string or Diffie-Hellman parameter string is not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DE7 E</td>
<td valign="top">Key type not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DE8 E</td>
<td valign="top">Key form not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DE9 E</td>
<td valign="top">Key format not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DEA E</td>
<td valign="top">Key size not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DEB E</td>
<td valign="top">Public key exponent not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DEC E</td>
<td valign="top">Cryptographic service provider not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DF0 E</td>
<td valign="top">Operation, algorithm, or mode not available on the requested CSP (cryptographic service provider).</td>
</tr>
<tr>
<td valign="top">CPF9DF1 E</td>
<td valign="top">The algorithm context token does not reference a valid algorithm context.</td>
</tr>
<tr>
<td valign="top">CPF9DF2 E</td>
<td valign="top">The algorithm context is not found or was previously destroyed.</td>
</tr>
<tr>
<td valign="top">CPF9DF3 E</td>
<td valign="top">Algorithm in algorithm context not valid for requested operation.</td>
</tr>
<tr>
<td valign="top">CPF9DF4 E</td>
<td valign="top">The key context token does not reference a valid key context.</td>
</tr>
<tr>
<td valign="top">CPF9DF5 E</td>
<td valign="top">The key context is not found or was previously destroyed.</td>
</tr>
<tr>
<td valign="top">CPF9DF6 E</td>
<td valign="top">Key can not be encrypted.</td>
</tr>
<tr>
<td valign="top">CPF9DF7 E</td>
<td valign="top">Algorithm context not compatible with key context.</td>
</tr>
<tr>
<td valign="top">CPF9DF8 E</td>
<td valign="top">Cryptographic device name not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DFB E</td>
<td valign="top">Cryptographic service provider (CSP) conflicts with the key context CSP.</td>
</tr>
<tr>
<td valign="top">CPF9DFC E</td>
<td valign="top">The key-encrypting algorithm or key context token is not valid.</td>
</tr>
</table>
<br>
<br>
<hr>
API introduced: V5R3
<hr>
</body></html>