746 lines
24 KiB
HTML
746 lines
24 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
|
|
<!-- Begin Header Records -->
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<!-- Created for V5R3 by beth hagemeister 6/12/02 -->
|
|
<!-- Change history: -->
|
|
<!-- 031020 BILLINGS Review 3 updates -->
|
|
<!-- 040824 BILLINGS V5R4 changes -->
|
|
<!-- 050315 BILLINGS V5R4 message updates -->
|
|
<!-- end header records -->
|
|
<title>Generate Symmetric Key (QC3GENSK, Qc3GenSymmetricKey)</title>
|
|
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
|
|
</head>
|
|
<body>
|
|
<a name="Top_Of_Page"></a>
|
|
<!--Java sync-link-->
|
|
|
|
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
|
|
</script>
|
|
|
|
<h2>Generate Symmetric Key (QC3GENSK, Qc3GenSymmetricKey)</h2>
|
|
|
|
<div class="box" style="width: 80%;">
|
|
<br>
|
|
|
|
Required Parameter Group:<br>
|
|
<!-- iddvc RMBR -->
|
|
<br>
|
|
|
|
<table width="100%">
|
|
<tr>
|
|
<td align="center" valign="top" width="10%">1
|
|
</td><td align="left" valign="top" width="60%">Key type
|
|
</td><td align="left" valign="top" width="15%">Input
|
|
</td><td align="left" valign="top" width="15%">Binary(4)
|
|
</td></tr>
|
|
<tr>
|
|
<td align="center" valign="top" width="10%">2
|
|
</td><td align="left" valign="top" width="60%">Key size
|
|
</td><td align="left" valign="top" width="15%">Input
|
|
</td><td align="left" valign="top" width="15%">Binary(4)
|
|
</td></tr>
|
|
<tr>
|
|
<td align="center" valign="top" width="10%">3
|
|
</td><td align="left" valign="top" width="60%">Key format
|
|
</td><td align="left" valign="top" width="15%">Input
|
|
</td><td align="left" valign="top" width="15%">Char(1)
|
|
</td></tr>
|
|
<tr>
|
|
<td align="center" valign="top" width="10%">4
|
|
</td><td align="left" valign="top" width="60%">Key form
|
|
</td><td align="left" valign="top" width="15%">Input
|
|
</td><td align="left" valign="top" width="15%">Char(1)
|
|
</td></tr>
|
|
<tr>
|
|
<td align="center" valign="top" width="10%">5
|
|
</td><td align="left" valign="top" width="60%">Key-encrypting key
|
|
</td><td align="left" valign="top" width="15%">Input
|
|
</td><td align="left" valign="top" width="15%">Char(*)
|
|
</td></tr>
|
|
<tr>
|
|
<td align="center" valign="top" width="10%">6
|
|
</td><td align="left" valign="top" width="60%">Key-encrypting algorithm
|
|
</td><td align="left" valign="top" width="15%">Input
|
|
</td><td align="left" valign="top" width="15%">Char(8)
|
|
</td></tr>
|
|
<tr>
|
|
<td align="center" valign="top" width="10%">7
|
|
</td><td align="left" valign="top" width="60%">Cryptographic service provider
|
|
</td><td align="left" valign="top" width="15%">Input
|
|
</td><td align="left" valign="top" width="15%">Char(1)
|
|
</td></tr><tr>
|
|
<td align="center" valign="top" width="10%">8
|
|
</td><td align="left" valign="top" width="60%">Cryptographic device name
|
|
</td><td align="left" valign="top" width="15%">Input
|
|
</td><td align="left" valign="top" width="15%">Char(10)
|
|
</td></tr>
|
|
<tr>
|
|
<td align="center" valign="top" width="10%">9
|
|
</td><td align="left" valign="top" width="60%">Key string
|
|
</td><td align="left" valign="top" width="15%">Output
|
|
</td><td align="left" valign="top" width="15%">Char(*)
|
|
</td></tr>
|
|
<tr>
|
|
<td align="center" valign="top" width="10%">10
|
|
</td><td align="left" valign="top" width="60%">Length of area provided for key string
|
|
</td><td align="left" valign="top" width="15%">Input
|
|
</td><td align="left" valign="top" width="15%">Binary(4)
|
|
</td></tr>
|
|
<tr>
|
|
<td align="center" valign="top" width="10%">11
|
|
</td><td align="left" valign="top" width="60%">Length of key string returned
|
|
</td><td align="left" valign="top" width="15%">Output
|
|
</td><td align="left" valign="top" width="15%">Binary(4)
|
|
</td></tr>
|
|
<tr>
|
|
<td align="center" valign="top" width="10%">12
|
|
</td><td align="left" valign="top" width="60%">Error code
|
|
</td><td align="left" valign="top" width="15%">I/O
|
|
</td><td align="left" valign="top" width="15%">Char(*)
|
|
</td></tr>
|
|
</table>
|
|
<br>
|
|
|
|
Service Program Name: QC3KEYGN<br>
|
|
<!-- iddvc RMBR -->
|
|
<br>
|
|
|
|
Default Public Authority: *USE<br>
|
|
<!-- iddvc RMBR -->
|
|
<br>
|
|
|
|
Threadsafe: Yes<br>
|
|
<!-- iddvc RMBR -->
|
|
<br>
|
|
</div>
|
|
|
|
<p>The Generate Symmetric Key (OPM, QC3GENSK; ILE, Qc3GenSymmetricKey)
|
|
API generates a random key value that can be used with symmetric cipher
|
|
algorithms DES, Triple DES, AES, RC2, and RC4-compatible,
|
|
<img src="delta.gif" alt="Start of change">
|
|
or the HMAC algorithms MD5, SHA-1, SHA-256, SHA-384, and SHA-512.
|
|
<img src="deltaend.gif" alt="End of change">
|
|
</p>
|
|
|
|
<p>Information on cryptographic standards can be found in the <a href=
|
|
"qc3crtax.htm">Create Algorithm Context (OPM, QC3CRTAX; ILE,
|
|
Qc3CreateAlgorithmContext)</a> API documentation.</p>
|
|
<br>
|
|
|
|
<h3>Authorities and Locks</h3>
|
|
<dl>
|
|
<dt><strong>Required device description authority</strong></dt>
|
|
<dd>*USE<br><br></dd>
|
|
</dl>
|
|
<br>
|
|
|
|
<h3>Required Parameter Group</h3>
|
|
<dl>
|
|
<dt><strong>Key type</strong></dt>
|
|
<dd>INPUT; BINARY(4)
|
|
<p>The type of key.<br>
|
|
Following are the valid values.</p>
|
|
<table width="95%">
|
|
|
|
<tr><td><img src="delta.gif" alt="Start of change"></td></tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top" width="5%"><strong>1</strong></td>
|
|
<td align="left" valign="top" width="95%">MD5<br>
|
|
An MD5 key is used for HMAC (hash message
|
|
authentication code) operations. The minimum length for an MD5 HMAC key is 16
|
|
bytes. A key longer than 16 bytes does not significantly increase the function
|
|
strength unless the randomness of the key is considered weak. A key longer than
|
|
64 bytes will be hashed before it is used.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top" width="5%"><strong>2</strong></td>
|
|
<td align="left" valign="top" width="95%">SHA-1<br>
|
|
An SHA-1 key is used for HMAC (hash message
|
|
authentication code) operations. The minimum length for an SHA-1 HMAC key is 20
|
|
bytes. A key longer than 20 bytes does not significantly increase the function
|
|
strength unless the randomness of the key is considered weak. A key longer than
|
|
64 bytes will be hashed before it is used.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top" width="5%"><strong>3</strong></td>
|
|
<td align="left" valign="top" width="95%">SHA-256<br>
|
|
An SHA-256 key is used for HMAC (hash message
|
|
authentication code) operations. The minimum length for an SHA-256 HMAC key is
|
|
32 bytes. A key longer than 32 bytes does not significantly increase the
|
|
function strength unless the randomness of the key is considered weak. A key
|
|
longer than 64 bytes will be hashed before it is used.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top" width="5%"><strong>4</strong></td>
|
|
<td align="left" valign="top" width="95%">SHA-384<br>
|
|
An SHA-384 key is used for HMAC (hash message
|
|
authentication code) operations. The minimum length for an SHA-384 HMAC key is
|
|
48 bytes. A key longer than 48 bytes does not significantly increase the
|
|
function strength unless the randomness of the key is considered weak. A key
|
|
longer than 128 bytes will be hashed before it is used.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top" width="5%"><strong>5</strong></td>
|
|
<td align="left" valign="top" width="95%">SHA-512<br>
|
|
An SHA-512 key is used for HMAC (hash message
|
|
authentication code) operations. The minimum length for an SHA-512 HMAC key is
|
|
64 bytes. A key longer than 64 bytes does not significantly increase the
|
|
function strength unless the randomness of the key is considered weak. A key
|
|
longer than 128 bytes will be hashed before it is used.</td>
|
|
</tr>
|
|
|
|
<tr><td><img src="deltaend.gif" alt="End of change"></td></tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top" width="5%"><strong>20</strong></td>
|
|
<td align="left" valign="top" width="95%">DES<br>
|
|
Only 7 bits of each byte are used as the actual key. The rightmost bit of each byte will be set to odd parity because some cryptographic service providers require that a DES key have odd parity in every byte.<br>
|
|
The key size parameter must specify 8.</td>
|
|
</tr>
|
|
<tr>
|
|
<td align="left" valign="top" width="5%"><strong>21</strong></td>
|
|
<td align="left" valign="top" width="95%">Triple DES<br>
|
|
Only 7 bits of each byte are used as the actual key. The rightmost bit of each byte will be set to odd parity because some cryptographic service providers require that a DES key have odd parity in every byte. <br>
|
|
The key size can be 8, 16, or 24. Triple DES operates on an encryption block by doing a DES encrypt, followed by a DES decrypt, and then another DES encrypt. Therefore, it actually uses three 8-byte DES keys. If the key is 24 bytes in length, the first 8 bytes are used for key 1, the second 8 bytes for key 2, and the third 8 bytes for key 3. If the key is 16 bytes in length, the first 8 bytes are used for key 1 and key 3, and the second 8 bytes for key 2. If the key is only 8 bytes in length, it will be used for all 3 keys (essentially making the operation equivalent to a single DES operation).</td>
|
|
</tr>
|
|
<tr>
|
|
<td align="left" valign="top" width="5%"><strong>22</strong></td>
|
|
<td align="left" valign="top" width="95%">AES<br>
|
|
The key size can be 16, 24, or 32.<br>
|
|
AES keys are supported only by the software CSP.</td>
|
|
</tr>
|
|
<tr>
|
|
<td align="left" valign="top" width="5%"><strong>23</strong></td>
|
|
<td align="left" valign="top" width="95%">RC2<br>
|
|
The key size can be 1 - 128.<br>
|
|
RC2 keys are supported only by the software CSP.</td>
|
|
</tr>
|
|
<tr>
|
|
<td align="left" valign="top" width="5%"><strong>30</strong></td>
|
|
<td align="left" valign="top" width="95%">RC4-compatible<br>
|
|
The key size can be 1 - 256.<br>
|
|
RC4-compatible keys are supported only by the software CSP. Because of the nature of the RC4-compatible operation, using the same key for more than one message will severely compromise security.</td>
|
|
</tr>
|
|
</table>
|
|
<br>
|
|
</dd>
|
|
<dt><strong>Key size</strong></dt>
|
|
<dd>INPUT; BINARY(4)
|
|
<p>The length of key to generate in bytes.<br>
|
|
Refer to the key type parameter for restrictions.
|
|
</p>
|
|
</dd>
|
|
<dt><strong>Key format</strong></dt>
|
|
<dd>INPUT; CHAR(1)
|
|
<p>The format in which to return the key.<br>
|
|
Following are the valid values.</p>
|
|
<table width="95%">
|
|
<tr>
|
|
<td align="left" valign="top" width="5%"><strong>0</strong></td>
|
|
<td align="left" valign="top" width="95%">Binary string.<br>
|
|
The key is returned as a binary value.</td>
|
|
</tr>
|
|
</table>
|
|
</dd>
|
|
|
|
<dt><strong>Key form</strong></dt>
|
|
<dd>INPUT; CHAR(1)
|
|
<p>The form in which to return the key.</p>
|
|
<table width="95%">
|
|
<tr>
|
|
<td align="left" valign="top" width="5%"><strong>0</strong></td>
|
|
<td align="left" valign="top" width="95%">Clear.<br>
|
|
The key string is returned in the clear.</td>
|
|
</tr>
|
|
<tr>
|
|
<td align="left" valign="top"><strong>1</strong></td>
|
|
<td align="left" valign="top">Encrypted.<br>
|
|
The key string is returned encrypted
|
|
<img src="delta.gif" alt="Start of change">
|
|
with a key-encrypting key.
|
|
Tokens are specified in the key-encrypting key and key-encrypting algorithm
|
|
parameters and used to encrypt the generated key before returning it.
|
|
<img src="deltaend.gif" alt="End of change">
|
|
</td>
|
|
</tr>
|
|
|
|
<tr><td><img src="delta.gif" alt="Start of change"></td></tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top" width="5%"><strong>2</strong></td>
|
|
<td align="left" valign="top" width="95%">Encrypted with a master key<br>
|
|
The key string is returned encrypted with a master key. The master key is
|
|
specified in the key-encrypting key parameter.
|
|
</td>
|
|
</tr>
|
|
<tr><td><img src="deltaend.gif" alt="End of change"></td></tr>
|
|
|
|
</table>
|
|
<br>
|
|
</dd>
|
|
|
|
<dt><img src="delta.gif" alt="Start of change"></dt>
|
|
<dt><strong>Key-encrypting key</strong></dt>
|
|
<dd>INPUT; CHAR(*)
|
|
|
|
<p>For key form 0 (clear), this parameter must be set to blanks or the pointer
|
|
to this parameter set to NULL.</p>
|
|
<p>For key form 1 (encrypted), this parameter specifies the key context token
|
|
to use to encrypt the generated key.</p>
|
|
<p>For key form 2 (encrypted with a master key), this parameter has the
|
|
following structure:</p>
|
|
<table border width="70%">
|
|
<tr>
|
|
<th align="center" valign="bottom" colspan="2">Offset</th>
|
|
<th align="left" valign="bottom" rowspan="2">Type</th>
|
|
<th align="left" valign="bottom" rowspan="2">Field</th>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th align="left" valign="bottom">Dec</th>
|
|
<th align="left" valign="bottom">Hex</th>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="center" valign="top" width="9%">0</td>
|
|
<td align="center" valign="top" width="9%">0</td>
|
|
<td align="left" valign="top" width="19%">BINARY(4)</td>
|
|
<td align="left" valign="top" width="63%">Master key ID</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="center" valign="top" width="9%">4</td>
|
|
<td align="center" valign="top" width="9%">4</td>
|
|
<td align="left" valign="top" width="19%">CHAR(4)</td>
|
|
<td align="left" valign="top" width="63%">Reserved</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="center" valign="top" width="9%">8</td>
|
|
<td align="center" valign="top" width="9%">8</td>
|
|
<td align="left" valign="top" width="19%">BINARY(4)</td>
|
|
<td align="left" valign="top" width="63%">Disallowed function</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="center" valign="top" width="9%">12</td>
|
|
<td align="center" valign="top" width="9%">C</td>
|
|
<td align="left" valign="top" width="19%">CHAR(20)</td>
|
|
<td align="left" valign="top" width="63%">Master key KVV</td>
|
|
</tr>
|
|
|
|
</table>
|
|
<br><br>
|
|
<dl>
|
|
<dt><strong>Master key ID</strong></dt>
|
|
|
|
<dd>The master key IDs are<br><br>
|
|
<table width="95%">
|
|
<tr>
|
|
<td align="left" valign="top" width="15%"><strong>1</strong></td>
|
|
<td align="left" valign="top">Master key 1</td>
|
|
</tr>
|
|
<tr>
|
|
<td align="left" valign="top" width="15%"><strong>2</strong></td>
|
|
<td align="left" valign="top">Master key 2</td>
|
|
</tr>
|
|
<tr>
|
|
<td align="left" valign="top" width="15%"><strong>3</strong></td>
|
|
<td align="left" valign="top">Master key 3</td>
|
|
</tr>
|
|
<tr>
|
|
<td align="left" valign="top" width="15%"><strong>4</strong></td>
|
|
<td align="left" valign="top">Master key 4</td>
|
|
</tr>
|
|
<tr>
|
|
<td align="left" valign="top" width="15%"><strong>5</strong></td>
|
|
<td align="left" valign="top">Master key 5</td>
|
|
</tr>
|
|
<tr>
|
|
<td align="left" valign="top" width="15%"><strong>6</strong></td>
|
|
<td align="left" valign="top">Master key 6</td>
|
|
</tr>
|
|
<tr>
|
|
<td align="left" valign="top" width="15%"><strong>7</strong></td>
|
|
<td align="left" valign="top">Master key 7</td>
|
|
</tr>
|
|
<tr>
|
|
<td align="left" valign="top" width="15%"><strong>8</strong></td>
|
|
<td align="left" valign="top">Master key 8</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
</dd>
|
|
|
|
<dt><strong>Reserved</strong></dt>
|
|
|
|
<dd>Must be null (binary 0s).
|
|
<br><br>
|
|
</dd>
|
|
|
|
<dt><strong>Disallowed function</strong></dt>
|
|
|
|
<dd>INPUT; BINARY(4)
|
|
|
|
<p>This parameter specifies the functions that cannot be used with this key.
|
|
The values listed below can be added together to disallow multiple functions.
|
|
For example, to disallow everything but MACing, set the value to 11.
|
|
This value should be saved along with the encrypted key value because it will
|
|
be required when the encrypted key value is used on an API.</p>
|
|
|
|
<table width="95%">
|
|
<tr>
|
|
<td align="left" valign="top" width="10%"><strong>0</strong></td>
|
|
<td align="left" valign="top" width="85%">No functions are disallowed.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><strong>1</strong></td>
|
|
<td align="left" valign="top">Encryption is disallowed.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><strong>2</strong></td>
|
|
<td align="left" valign="top">Decryption is disallowed.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><strong>4</strong></td>
|
|
<td align="left" valign="top">MACing is disallowed.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><strong>8</strong></td>
|
|
<td align="left" valign="top">Signing is disallowed.</td>
|
|
</tr>
|
|
|
|
</table>
|
|
<br>
|
|
</dd>
|
|
|
|
<dt><strong>Master key KVV</strong></dt>
|
|
<dd>The key verification value of the master key that was used to encrypt
|
|
the key is returned in this field. This value should be saved along with the
|
|
encrypted key value. When the encrypted key value is used on an API and the KVV
|
|
is supplied, the API will be able to determine which version of the master key
|
|
should be used to decrypt the key. This field must be null (binary 0s)
|
|
on input.<br>
|
|
<br>
|
|
</dd>
|
|
</dl>
|
|
</dd>
|
|
|
|
<dt><strong>Key-encrypting algorithm</strong></dt>
|
|
<dd>INPUT; CHAR(8)
|
|
<p>For key form 0 (clear) and 2 (encrypted with a master key), this parameter
|
|
must be set to blanks or the pointer to this parameter set to NULL.</p>
|
|
<p>For key form 1 (encrypted), this parameter specifies the algorithm context
|
|
token to use for encrypting the generated key.
|
|
</p>
|
|
</dd>
|
|
<dt><img src="deltaend.gif" alt="End of change"><br><br></dt>
|
|
|
|
<dt><strong>Cryptographic service provider</strong></dt>
|
|
<dd>INPUT; CHAR(1)
|
|
<p>The cryptographic service provider (CSP) that will perform the key generate operation.</p>
|
|
<table width="95%">
|
|
<tr>
|
|
<td align="left" valign="top" width="5%"><strong>0</strong></td>
|
|
<td align="left" valign="top" width="95%">Any CSP.<br>
|
|
The system will choose an appropriate CSP to perform the key generate operation.</td>
|
|
</tr>
|
|
<tr>
|
|
<td align="left" valign="top"><strong>1</strong></td>
|
|
<td align="left" valign="top">Software CSP.<br>
|
|
The system will perform the key generate operation using software. If the requested key type or form is not available in software, an error is returned.</td>
|
|
</tr>
|
|
<tr>
|
|
<td align="left" valign="top"><strong>2</strong></td>
|
|
<td align="left" valign="top">Hardware CSP.<br>
|
|
The system will perform the key generate operation using cryptographic hardware. If the requested key type or form is not available in hardware, an error is returned. A specific cryptographic device can be specified using the cryptographic device name parameter. If the cryptographic device is not specified, the system will choose an appropriate one.</td>
|
|
</tr>
|
|
</table>
|
|
<br>
|
|
</dd>
|
|
|
|
<dt><strong>Cryptographic device name</strong></dt>
|
|
<dd>INPUT; CHAR(10)
|
|
<p>The name of a cryptographic device description.<br>
|
|
This parameter is valid when the cryptographic service provider parameter specifies 2 (hardware CSP). Otherwise, this parameter must be blanks or the pointer to this parameter set to NULL.</p>
|
|
</dd>
|
|
<dt><strong>Key string</strong></dt>
|
|
<dd>OUTPUT; CHAR(*)
|
|
<p>The area to store the generated key string.<br>
|
|
</p>
|
|
</dd>
|
|
<dt><strong>Length of area provided for key string</strong></dt>
|
|
<dd>INPUT; BINARY(4)
|
|
<p>The length of the key string parameter.<br>
|
|
The length of the generated key string will be the length specified in the key size parameter. If the key form specifies 1 (encrypted), you must allow room for padding the encrypted key string to the next block length multiple. (e.g. Add an additional 8 bytes for DES.) For more information on block length, refer to the <a href = "qc3crtax.htm">Create Algorithm Context (OPM, QC3CRTAX; ILE, Qc3CreateAlgorithmContext) API</a>.
|
|
</p>
|
|
</dd>
|
|
<dt><strong>Length of key string returned</strong></dt>
|
|
<dd>OUTPUT; BINARY(4)
|
|
<p>The length of the key string returned in the key string parameter.<br>
|
|
If the length of area provided for the key string is too small, an error will be generated and no data will be returned in the key string parameter.
|
|
</p>
|
|
</dd>
|
|
<dt><strong>Error code</strong></dt>
|
|
<dd>I/O; CHAR(*)
|
|
<p>The structure in which to return error information.<br>
|
|
For the format of the structure, see <a href="../apiref/error.htm#hdrerrcod">Error Code Parameter</a>. </p></dd>
|
|
</dl>
|
|
<br>
|
|
|
|
<h3>Error Messages</h3>
|
|
|
|
|
|
<table width="100%">
|
|
|
|
<tr>
|
|
<th align="left" valign="top">Message ID</th>
|
|
<th align="left" valign="top">Error Message Text</th>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top" width="15%">CPF24B4 E</td>
|
|
<td valign="top" width="85%">Severe error while addressing parameter list.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF3C1E E</td>
|
|
<td valign="top">Required parameter &1 omitted.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF3CF1 E</td>
|
|
<td valign="top">Error code parameter not valid.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top">CPF3CF2 E</td>
|
|
<td align="left" valign="top">Error(s) occurred during running of &1 API.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9872 E</td>
|
|
<td valign="top">Program or service program &1 in library &2 ended. Reason code &3.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top"><img src="delta.gif" alt="Start of change"></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DAA D</td>
|
|
<td valign="top">A key requires translation.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DAB E</td>
|
|
<td valign="top">A key can not be decrypted.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DAC E</td>
|
|
<td valign="top">Disallowed function value not valid.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DAD E</td>
|
|
<td valign="top">The master key ID is not valid.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DAF E</td>
|
|
<td valign="top">Version &2 of master key &1 is not set.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top"><img src="deltaend.gif" alt="End of change"></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DC2 E</td>
|
|
<td valign="top">Key-encrypting algorithm context not compatible with key-encrypting key context.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DC4 E</td>
|
|
<td valign="top">A key-encrypting algorithm context token does not reference a valid algorithm context.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DC5 E</td>
|
|
<td valign="top">A key-encrypting key context token does not reference a valid key context.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DC6 E</td>
|
|
<td valign="top">Algorithm not valid for encrypting or decrypting a key.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DD6 E</td>
|
|
<td valign="top">Length of area provided for output data is too small.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DD7 E</td>
|
|
<td valign="top">The key-encrypting key context for the specified key is not valid or was previously destroyed.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DD8 E</td>
|
|
<td valign="top">The key-encrypting algorithm context for the specified key is not valid or was previously destroyed.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DDA E</td>
|
|
<td valign="top">Unexpected return code &1.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DDB E</td>
|
|
<td valign="top">The key string or Diffie-Hellman parameter string is not valid.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DE7 E</td>
|
|
<td valign="top">Key type not valid.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DE8 E</td>
|
|
<td valign="top">Key form not valid.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DE9 E</td>
|
|
<td valign="top">Key format not valid.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DEA E</td>
|
|
<td valign="top">Key size not valid.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DEC E</td>
|
|
<td valign="top">Cryptographic service provider not valid.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DEE E</td>
|
|
<td valign="top">Reserved field not null.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DF0 E</td>
|
|
<td valign="top">Operation, algorithm, or mode not available on the requested CSP (cryptographic service provider).</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DF1 E</td>
|
|
<td valign="top">The algorithm context token does not reference a valid algorithm context.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DF2 E</td>
|
|
<td valign="top">The algorithm context is not found or was previously destroyed.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DF3 E</td>
|
|
<td valign="top">Algorithm in algorithm context not valid for requested operation.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DF4 E</td>
|
|
<td valign="top">The key context token does not reference a valid key context.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DF5 E</td>
|
|
<td valign="top">The key context is not found or was previously destroyed.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DF6 E</td>
|
|
<td valign="top">Key can not be encrypted.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DF7 E</td>
|
|
<td valign="top">Algorithm context not compatible with key context.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DF8 E</td>
|
|
<td valign="top">Cryptographic device name not valid.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DF9 E</td>
|
|
<td valign="top">Cryptographic device not found.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DFB E</td>
|
|
<td valign="top">Cryptographic service provider (CSP) conflicts with the key context CSP.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DFC E</td>
|
|
<td valign="top">The key-encrypting algorithm or key context token is not valid.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DFD E</td>
|
|
<td valign="top">Not authorized to device.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td valign="top">CPF9DFE E</td>
|
|
<td valign="top">Cryptographic device not available.</td>
|
|
</tr>
|
|
|
|
</table>
|
|
|
|
<br>
|
|
|
|
<hr>
|
|
API introduced: V5R3
|
|
|
|
<hr>
|
|
<center>
|
|
|
|
<table cellpadding="2" cellspacing="2">
|
|
<tr align="center"><td valign="middle" align="center">
|
|
<a href="#Top_Of_Page">Top</a>
|
|
| <a href="catcrypt.htm">Cryptographic Services APIs</a>
|
|
| <a href="aplist.htm">APIs by category</a>
|
|
</td></tr>
|
|
</table>
|
|
|
|
</center>
|
|
|
|
|
|
</body></html>
|
|
|
|
|
|
|