ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/qc3gensk.htm

746 lines
24 KiB
HTML

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<!-- Begin Header Records -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Created for V5R3 by beth hagemeister 6/12/02 -->
<!-- Change history: -->
<!-- 031020 BILLINGS Review 3 updates -->
<!-- 040824 BILLINGS V5R4 changes -->
<!-- 050315 BILLINGS V5R4 message updates -->
<!-- end header records -->
<title>Generate Symmetric Key (QC3GENSK, Qc3GenSymmetricKey)</title>
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<a name="Top_Of_Page"></a>
<!--Java sync-link-->
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
</script>
<h2>Generate Symmetric Key (QC3GENSK, Qc3GenSymmetricKey)</h2>
<div class="box" style="width: 80%;">
<br>
&nbsp;&nbsp;Required Parameter Group:<br>
<!-- iddvc RMBR -->
<br>
<table width="100%">
<tr>
<td align="center" valign="top" width="10%">1
</td><td align="left" valign="top" width="60%">Key type
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Binary(4)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">2
</td><td align="left" valign="top" width="60%">Key size
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Binary(4)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">3
</td><td align="left" valign="top" width="60%">Key format
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Char(1)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">4
</td><td align="left" valign="top" width="60%">Key form
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Char(1)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">5
</td><td align="left" valign="top" width="60%">Key-encrypting key
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Char(*)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">6
</td><td align="left" valign="top" width="60%">Key-encrypting algorithm
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Char(8)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">7
</td><td align="left" valign="top" width="60%">Cryptographic service provider
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Char(1)
</td></tr><tr>
<td align="center" valign="top" width="10%">8
</td><td align="left" valign="top" width="60%">Cryptographic device name
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Char(10)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">9
</td><td align="left" valign="top" width="60%">Key string
</td><td align="left" valign="top" width="15%">Output
</td><td align="left" valign="top" width="15%">Char(*)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">10
</td><td align="left" valign="top" width="60%">Length of area provided for key string
</td><td align="left" valign="top" width="15%">Input
</td><td align="left" valign="top" width="15%">Binary(4)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">11
</td><td align="left" valign="top" width="60%">Length of key string returned
</td><td align="left" valign="top" width="15%">Output
</td><td align="left" valign="top" width="15%">Binary(4)
</td></tr>
<tr>
<td align="center" valign="top" width="10%">12
</td><td align="left" valign="top" width="60%">Error code
</td><td align="left" valign="top" width="15%">I/O
</td><td align="left" valign="top" width="15%">Char(*)
</td></tr>
</table>
<br>
&nbsp;&nbsp;Service Program Name: QC3KEYGN<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<p>The Generate Symmetric Key (OPM, QC3GENSK; ILE, Qc3GenSymmetricKey)
API generates a random key value that can be used with symmetric cipher
algorithms DES, Triple DES, AES, RC2, and RC4-compatible,
<img src="delta.gif" alt="Start of change">
or the HMAC algorithms MD5, SHA-1, SHA-256, SHA-384, and SHA-512.
<img src="deltaend.gif" alt="End of change">
</p>
<p>Information on cryptographic standards can be found in the <a href=
"qc3crtax.htm">Create Algorithm Context (OPM, QC3CRTAX; ILE,
Qc3CreateAlgorithmContext)</a> API documentation.</p>
<br>
<h3>Authorities and Locks</h3>
<dl>
<dt><strong>Required device description authority</strong></dt>
<dd>*USE<br><br></dd>
</dl>
<br>
<h3>Required Parameter Group</h3>
<dl>
<dt><strong>Key type</strong></dt>
<dd>INPUT; BINARY(4)
<p>The type of key.<br>
Following are the valid values.</p>
<table width="95%">
<tr><td><img src="delta.gif" alt="Start of change"></td></tr>
<tr>
<td align="left" valign="top" width="5%"><strong>1</strong></td>
<td align="left" valign="top" width="95%">MD5<br>
An MD5 key is used for HMAC (hash message
authentication code) operations. The minimum length for an MD5 HMAC key is 16
bytes. A key longer than 16 bytes does not significantly increase the function
strength unless the randomness of the key is considered weak. A key longer than
64 bytes will be hashed before it is used.</td>
</tr>
<tr>
<td align="left" valign="top" width="5%"><strong>2</strong></td>
<td align="left" valign="top" width="95%">SHA-1<br>
An SHA-1 key is used for HMAC (hash message
authentication code) operations. The minimum length for an SHA-1 HMAC key is 20
bytes. A key longer than 20 bytes does not significantly increase the function
strength unless the randomness of the key is considered weak. A key longer than
64 bytes will be hashed before it is used.</td>
</tr>
<tr>
<td align="left" valign="top" width="5%"><strong>3</strong></td>
<td align="left" valign="top" width="95%">SHA-256<br>
An SHA-256 key is used for HMAC (hash message
authentication code) operations. The minimum length for an SHA-256 HMAC key is
32 bytes. A key longer than 32 bytes does not significantly increase the
function strength unless the randomness of the key is considered weak. A key
longer than 64 bytes will be hashed before it is used.</td>
</tr>
<tr>
<td align="left" valign="top" width="5%"><strong>4</strong></td>
<td align="left" valign="top" width="95%">SHA-384<br>
An SHA-384 key is used for HMAC (hash message
authentication code) operations. The minimum length for an SHA-384 HMAC key is
48 bytes. A key longer than 48 bytes does not significantly increase the
function strength unless the randomness of the key is considered weak. A key
longer than 128 bytes will be hashed before it is used.</td>
</tr>
<tr>
<td align="left" valign="top" width="5%"><strong>5</strong></td>
<td align="left" valign="top" width="95%">SHA-512<br>
An SHA-512 key is used for HMAC (hash message
authentication code) operations. The minimum length for an SHA-512 HMAC key is
64 bytes. A key longer than 64 bytes does not significantly increase the
function strength unless the randomness of the key is considered weak. A key
longer than 128 bytes will be hashed before it is used.</td>
</tr>
<tr><td><img src="deltaend.gif" alt="End of change"></td></tr>
<tr>
<td align="left" valign="top" width="5%"><strong>20</strong></td>
<td align="left" valign="top" width="95%">DES<br>
Only 7 bits of each byte are used as the actual key. The rightmost bit of each byte will be set to odd parity because some cryptographic service providers require that a DES key have odd parity in every byte.<br>
The key size parameter must specify 8.</td>
</tr>
<tr>
<td align="left" valign="top" width="5%"><strong>21</strong></td>
<td align="left" valign="top" width="95%">Triple DES<br>
Only 7 bits of each byte are used as the actual key. The rightmost bit of each byte will be set to odd parity because some cryptographic service providers require that a DES key have odd parity in every byte. <br>
The key size can be 8, 16, or 24. Triple DES operates on an encryption block by doing a DES encrypt, followed by a DES decrypt, and then another DES encrypt. Therefore, it actually uses three 8-byte DES keys. If the key is 24 bytes in length, the first 8 bytes are used for key 1, the second 8 bytes for key 2, and the third 8 bytes for key 3. If the key is 16 bytes in length, the first 8 bytes are used for key 1 and key 3, and the second 8 bytes for key 2. If the key is only 8 bytes in length, it will be used for all 3 keys (essentially making the operation equivalent to a single DES operation).</td>
</tr>
<tr>
<td align="left" valign="top" width="5%"><strong>22</strong></td>
<td align="left" valign="top" width="95%">AES<br>
The key size can be 16, 24, or 32.<br>
AES keys are supported only by the software CSP.</td>
</tr>
<tr>
<td align="left" valign="top" width="5%"><strong>23</strong></td>
<td align="left" valign="top" width="95%">RC2<br>
The key size can be 1 - 128.<br>
RC2 keys are supported only by the software CSP.</td>
</tr>
<tr>
<td align="left" valign="top" width="5%"><strong>30</strong></td>
<td align="left" valign="top" width="95%">RC4-compatible<br>
The key size can be 1 - 256.<br>
RC4-compatible keys are supported only by the software CSP. Because of the nature of the RC4-compatible operation, using the same key for more than one message will severely compromise security.</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Key size</strong></dt>
<dd>INPUT; BINARY(4)
<p>The length of key to generate in bytes.<br>
Refer to the key type parameter for restrictions.
</p>
</dd>
<dt><strong>Key format</strong></dt>
<dd>INPUT; CHAR(1)
<p>The format in which to return the key.<br>
Following are the valid values.</p>
<table width="95%">
<tr>
<td align="left" valign="top" width="5%"><strong>0</strong></td>
<td align="left" valign="top" width="95%">Binary string.<br>
The key is returned as a binary value.</td>
</tr>
</table>
</dd>
<dt><strong>Key form</strong></dt>
<dd>INPUT; CHAR(1)
<p>The form in which to return the key.</p>
<table width="95%">
<tr>
<td align="left" valign="top" width="5%"><strong>0</strong></td>
<td align="left" valign="top" width="95%">Clear.<br>
The key string is returned in the clear.</td>
</tr>
<tr>
<td align="left" valign="top"><strong>1</strong></td>
<td align="left" valign="top">Encrypted.<br>
The key string is returned encrypted
<img src="delta.gif" alt="Start of change">
with a key-encrypting key.
Tokens are specified in the key-encrypting key and key-encrypting algorithm
parameters and used to encrypt the generated key before returning it.
<img src="deltaend.gif" alt="End of change">
</td>
</tr>
<tr><td><img src="delta.gif" alt="Start of change"></td></tr>
<tr>
<td align="left" valign="top" width="5%"><strong>2</strong></td>
<td align="left" valign="top" width="95%">Encrypted with a master key<br>
The key string is returned encrypted with a master key. The master key is
specified in the key-encrypting key parameter.
</td>
</tr>
<tr><td><img src="deltaend.gif" alt="End of change"></td></tr>
</table>
<br>
</dd>
<dt><img src="delta.gif" alt="Start of change"></dt>
<dt><strong>Key-encrypting key</strong></dt>
<dd>INPUT; CHAR(*)
<p>For key form 0 (clear), this parameter must be set to blanks or the pointer
to this parameter set to NULL.</p>
<p>For key form 1 (encrypted), this parameter specifies the key context token
to use to encrypt the generated key.</p>
<p>For key form 2 (encrypted with a master key), this parameter has the
following structure:</p>
<table border width="70%">
<tr>
<th align="center" valign="bottom" colspan="2">Offset</th>
<th align="left" valign="bottom" rowspan="2">Type</th>
<th align="left" valign="bottom" rowspan="2">Field</th>
</tr>
<tr>
<th align="left" valign="bottom">Dec</th>
<th align="left" valign="bottom">Hex</th>
</tr>
<tr>
<td align="center" valign="top" width="9%">0</td>
<td align="center" valign="top" width="9%">0</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="63%">Master key ID</td>
</tr>
<tr>
<td align="center" valign="top" width="9%">4</td>
<td align="center" valign="top" width="9%">4</td>
<td align="left" valign="top" width="19%">CHAR(4)</td>
<td align="left" valign="top" width="63%">Reserved</td>
</tr>
<tr>
<td align="center" valign="top" width="9%">8</td>
<td align="center" valign="top" width="9%">8</td>
<td align="left" valign="top" width="19%">BINARY(4)</td>
<td align="left" valign="top" width="63%">Disallowed function</td>
</tr>
<tr>
<td align="center" valign="top" width="9%">12</td>
<td align="center" valign="top" width="9%">C</td>
<td align="left" valign="top" width="19%">CHAR(20)</td>
<td align="left" valign="top" width="63%">Master key KVV</td>
</tr>
</table>
<br><br>
<dl>
<dt><strong>Master key ID</strong></dt>
<dd>The master key IDs are<br><br>
<table width="95%">
<tr>
<td align="left" valign="top" width="15%"><strong>1</strong></td>
<td align="left" valign="top">Master key 1</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>2</strong></td>
<td align="left" valign="top">Master key 2</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>3</strong></td>
<td align="left" valign="top">Master key 3</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>4</strong></td>
<td align="left" valign="top">Master key 4</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>5</strong></td>
<td align="left" valign="top">Master key 5</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>6</strong></td>
<td align="left" valign="top">Master key 6</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>7</strong></td>
<td align="left" valign="top">Master key 7</td>
</tr>
<tr>
<td align="left" valign="top" width="15%"><strong>8</strong></td>
<td align="left" valign="top">Master key 8</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Reserved</strong></dt>
<dd>Must be null (binary 0s).
<br><br>
</dd>
<dt><strong>Disallowed function</strong></dt>
<dd>INPUT; BINARY(4)
<p>This parameter specifies the functions that cannot be used with this key.
The values listed below can be added together to disallow multiple functions.
For example, to disallow everything but MACing, set the value to 11.
This value should be saved along with the encrypted key value because it will
be required when the encrypted key value is used on an API.</p>
<table width="95%">
<tr>
<td align="left" valign="top" width="10%"><strong>0</strong></td>
<td align="left" valign="top" width="85%">No functions are disallowed.</td>
</tr>
<tr>
<td align="left" valign="top"><strong>1</strong></td>
<td align="left" valign="top">Encryption is disallowed.</td>
</tr>
<tr>
<td align="left" valign="top"><strong>2</strong></td>
<td align="left" valign="top">Decryption is disallowed.</td>
</tr>
<tr>
<td align="left" valign="top"><strong>4</strong></td>
<td align="left" valign="top">MACing is disallowed.</td>
</tr>
<tr>
<td align="left" valign="top"><strong>8</strong></td>
<td align="left" valign="top">Signing is disallowed.</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Master key KVV</strong></dt>
<dd>The key verification value of the master key that was used to encrypt
the key is returned in this field. This value should be saved along with the
encrypted key value. When the encrypted key value is used on an API and the KVV
is supplied, the API will be able to determine which version of the master key
should be used to decrypt the key. This field must be null (binary 0s)
on input.<br>
<br>
</dd>
</dl>
</dd>
<dt><strong>Key-encrypting algorithm</strong></dt>
<dd>INPUT; CHAR(8)
<p>For key form 0 (clear) and 2 (encrypted with a master key), this parameter
must be set to blanks or the pointer to this parameter set to NULL.</p>
<p>For key form 1 (encrypted), this parameter specifies the algorithm context
token to use for encrypting the generated key.
</p>
</dd>
<dt><img src="deltaend.gif" alt="End of change"><br><br></dt>
<dt><strong>Cryptographic service provider</strong></dt>
<dd>INPUT; CHAR(1)
<p>The cryptographic service provider (CSP) that will perform the key generate operation.</p>
<table width="95%">
<tr>
<td align="left" valign="top" width="5%"><strong>0</strong></td>
<td align="left" valign="top" width="95%">Any CSP.<br>
The system will choose an appropriate CSP to perform the key generate operation.</td>
</tr>
<tr>
<td align="left" valign="top"><strong>1</strong></td>
<td align="left" valign="top">Software CSP.<br>
The system will perform the key generate operation using software. If the requested key type or form is not available in software, an error is returned.</td>
</tr>
<tr>
<td align="left" valign="top"><strong>2</strong></td>
<td align="left" valign="top">Hardware CSP.<br>
The system will perform the key generate operation using cryptographic hardware. If the requested key type or form is not available in hardware, an error is returned. A specific cryptographic device can be specified using the cryptographic device name parameter. If the cryptographic device is not specified, the system will choose an appropriate one.</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Cryptographic device name</strong></dt>
<dd>INPUT; CHAR(10)
<p>The name of a cryptographic device description.<br>
This parameter is valid when the cryptographic service provider parameter specifies 2 (hardware CSP). Otherwise, this parameter must be blanks or the pointer to this parameter set to NULL.</p>
</dd>
<dt><strong>Key string</strong></dt>
<dd>OUTPUT; CHAR(*)
<p>The area to store the generated key string.<br>
</p>
</dd>
<dt><strong>Length of area provided for key string</strong></dt>
<dd>INPUT; BINARY(4)
<p>The length of the key string parameter.<br>
The length of the generated key string will be the length specified in the key size parameter. If the key form specifies 1 (encrypted), you must allow room for padding the encrypted key string to the next block length multiple. (e.g. Add an additional 8 bytes for DES.) For more information on block length, refer to the <a href = "qc3crtax.htm">Create Algorithm Context (OPM, QC3CRTAX; ILE, Qc3CreateAlgorithmContext) API</a>.
</p>
</dd>
<dt><strong>Length of key string returned</strong></dt>
<dd>OUTPUT; BINARY(4)
<p>The length of the key string returned in the key string parameter.<br>
If the length of area provided for the key string is too small, an error will be generated and no data will be returned in the key string parameter.
</p>
</dd>
<dt><strong>Error code</strong></dt>
<dd>I/O; CHAR(*)
<p>The structure in which to return error information.<br>
For the format of the structure, see <a href="../apiref/error.htm#hdrerrcod">Error Code Parameter</a>. </p></dd>
</dl>
<br>
<h3>Error Messages</h3>
<table width="100%">
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>
<tr>
<td valign="top" width="15%">CPF24B4 E</td>
<td valign="top" width="85%">Severe error while addressing parameter list.</td>
</tr>
<tr>
<td valign="top">CPF3C1E E</td>
<td valign="top">Required parameter &amp;1 omitted.</td>
</tr>
<tr>
<td valign="top">CPF3CF1 E</td>
<td valign="top">Error code parameter not valid.</td>
</tr>
<tr>
<td align="left" valign="top">CPF3CF2 E</td>
<td align="left" valign="top">Error(s) occurred during running of &amp;1 API.</td>
</tr>
<tr>
<td valign="top">CPF9872 E</td>
<td valign="top">Program or service program &amp;1 in library &amp;2 ended. Reason code &amp;3.</td>
</tr>
<tr>
<td valign="top"><img src="delta.gif" alt="Start of change"></td>
</tr>
<tr>
<td valign="top">CPF9DAA D</td>
<td valign="top">A key requires translation.</td>
</tr>
<tr>
<td valign="top">CPF9DAB E</td>
<td valign="top">A key can not be decrypted.</td>
</tr>
<tr>
<td valign="top">CPF9DAC E</td>
<td valign="top">Disallowed function value not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DAD E</td>
<td valign="top">The master key ID is not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DAF E</td>
<td valign="top">Version &amp;2 of master key &amp;1 is not set.</td>
</tr>
<tr>
<td valign="top"><img src="deltaend.gif" alt="End of change"></td>
</tr>
<tr>
<td valign="top">CPF9DC2 E</td>
<td valign="top">Key-encrypting algorithm context not compatible with key-encrypting key context.</td>
</tr>
<tr>
<td valign="top">CPF9DC4 E</td>
<td valign="top">A key-encrypting algorithm context token does not reference a valid algorithm context.</td>
</tr>
<tr>
<td valign="top">CPF9DC5 E</td>
<td valign="top">A key-encrypting key context token does not reference a valid key context.</td>
</tr>
<tr>
<td valign="top">CPF9DC6 E</td>
<td valign="top">Algorithm not valid for encrypting or decrypting a key.</td>
</tr>
<tr>
<td valign="top">CPF9DD6 E</td>
<td valign="top">Length of area provided for output data is too small.</td>
</tr>
<tr>
<td valign="top">CPF9DD7 E</td>
<td valign="top">The key-encrypting key context for the specified key is not valid or was previously destroyed.</td>
</tr>
<tr>
<td valign="top">CPF9DD8 E</td>
<td valign="top">The key-encrypting algorithm context for the specified key is not valid or was previously destroyed.</td>
</tr>
<tr>
<td valign="top">CPF9DDA E</td>
<td valign="top">Unexpected return code &amp;1.</td>
</tr>
<tr>
<td valign="top">CPF9DDB E</td>
<td valign="top">The key string or Diffie-Hellman parameter string is not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DE7 E</td>
<td valign="top">Key type not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DE8 E</td>
<td valign="top">Key form not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DE9 E</td>
<td valign="top">Key format not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DEA E</td>
<td valign="top">Key size not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DEC E</td>
<td valign="top">Cryptographic service provider not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DEE E</td>
<td valign="top">Reserved field not null.</td>
</tr>
<tr>
<td valign="top">CPF9DF0 E</td>
<td valign="top">Operation, algorithm, or mode not available on the requested CSP (cryptographic service provider).</td>
</tr>
<tr>
<td valign="top">CPF9DF1 E</td>
<td valign="top">The algorithm context token does not reference a valid algorithm context.</td>
</tr>
<tr>
<td valign="top">CPF9DF2 E</td>
<td valign="top">The algorithm context is not found or was previously destroyed.</td>
</tr>
<tr>
<td valign="top">CPF9DF3 E</td>
<td valign="top">Algorithm in algorithm context not valid for requested operation.</td>
</tr>
<tr>
<td valign="top">CPF9DF4 E</td>
<td valign="top">The key context token does not reference a valid key context.</td>
</tr>
<tr>
<td valign="top">CPF9DF5 E</td>
<td valign="top">The key context is not found or was previously destroyed.</td>
</tr>
<tr>
<td valign="top">CPF9DF6 E</td>
<td valign="top">Key can not be encrypted.</td>
</tr>
<tr>
<td valign="top">CPF9DF7 E</td>
<td valign="top">Algorithm context not compatible with key context.</td>
</tr>
<tr>
<td valign="top">CPF9DF8 E</td>
<td valign="top">Cryptographic device name not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DF9 E</td>
<td valign="top">Cryptographic device not found.</td>
</tr>
<tr>
<td valign="top">CPF9DFB E</td>
<td valign="top">Cryptographic service provider (CSP) conflicts with the key context CSP.</td>
</tr>
<tr>
<td valign="top">CPF9DFC E</td>
<td valign="top">The key-encrypting algorithm or key context token is not valid.</td>
</tr>
<tr>
<td valign="top">CPF9DFD E</td>
<td valign="top">Not authorized to device.</td>
</tr>
<tr>
<td valign="top">CPF9DFE E</td>
<td valign="top">Cryptographic device not available.</td>
</tr>
</table>
<br>
<hr>
API introduced: V5R3
<hr>
<center>
<table cellpadding="2" cellspacing="2">
<tr align="center"><td valign="middle" align="center">
<a href="#Top_Of_Page">Top</a>
| <a href="catcrypt.htm">Cryptographic Services APIs</a>
| <a href="aplist.htm">APIs by category</a>
</td></tr>
</table>
</center>
</body></html>