IBM Computer Hardware 2 User Manual Page 110
- Page / 508
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
CCA Release 2.54
Using the Private Key at Multiple Nodes
You can arrange to use a private key at multiple nodes if the nodes have the same
asymmetric master-key, or if you arrange to have the same transport key installed
at each of the target nodes. In the latter case, you need to arrange to have the
transport key under which the private key is enciphered installed at each target
node.
Having the private key installed at multiple nodes enables you to provide increased
service levels for greater throughput, and to maintain operation when a primary
node goes out of service. Of course, having a private key installed at more than
one node increases the risk of someone misusing or compromising the key. You
have to weigh the advantages and disadvantages as you design your system or
systems.
Extracting a Public Key
CCA PKA key generation returns a public-private key-pair in a single key-token
(provided your application is not retaining the private key within the Coprocessor).
You can obtain a key token with only the public-key information using the
PKA_Public_Key_Extract verb.
If you use the public-private key token in verbs that only require the public key, the
implementation may attempt to recover the private key which in the usual case
would fail (since normally the private key should not be usable where use is being
made of the public key).
Registering and Retaining a Public Key
You can use the PKA_Public_Key_Hash_Register and the
PKA_Public_Key_Register verbs to “register” a public key in the secure
cryptographic engine under dual-control. Authorize the related commands in two
different roles to enforce a dual control policy. Your applications can subsequently
reference the registered public key stored within the engine with the confidence that
the key has been entered under dual control. Note that the
Master_Key_Distribution verb makes use of registered RSA public keys in the
master-key shares distribution scheme.
3-6 IBM 4758 CCA Basic Services, Release 2.54, February 2005
- Release 2.54 1
- IBM iSeries PCICC Feature 1
- Contents 3
- CCA Release 2.54 10
- Trademarks 13
- About This Publication 15
- Release 2.52 16
- Release 2.51 16
- Release 2.41 17
- About This Publication xix 19
- Organization 22
- Related Publications 23
- Cryptography Publications 23
- Overlapped Processing 31
- CCA Access-Control 40
- Understanding Access Control 40
- Role-Based Access Control 40
- Understanding Roles 41
- Understanding Profiles 42
- Logging On and Logging Off 45
- Multi-Coprocessor Capability 48
- Establishing Master Keys 51
- Logon_Control (CSUALCT) 90
- Master_Key_Process (CSNBMKP) 97
- Related Information 100
- Random_Number_Tests (CSUARNT) 102
- Restrictions 102
- Parameters 102
- Required Commands 103
- Chapter 3. RSA Key-Management 105
- Key Generation 106
- Key Import 108
- Using the PKA Keys 109
- Extracting a Public Key 110
- PKA_Key_Generate (CSNDPKG) 111
- PKA_Key_Import (CSNDPKI) 115
- PKA_Key_Token_Build (CSNDPKB) 118
- CCA Release 2.54 122
- Digital Signatures 136
- MDC_Generate (CSNBMDG) 144
- One_Way_Hash (CSNBOWH) 147
- Chapter 5. DES Key-Management 151
- Control Vectors 154
- Key Types 155
- Key-Usage Restrictions 156
- Key Tokens 162
- Key Labels 164
- Key Identifiers 164
- Installing and Verifying Keys 165
- Generating Keys 166
- Diversifying Keys 169
- Storing Keys in Key Storage 170
- Security Precautions 171
- Clear_Key_Import (CSNBCKI) 172
- Data_Key_Export (CSNBDKX) 181
- Data_Key_Import (CSNBDKM) 183
- Key_Export (CSNBKEX) 192
- Key_Generate (CSNBKGN) 194
- Key-Length Specification 199
- Key_Import (CSNBKIM) 201
- CCA Release 2.54 Key_Import 203
- Key_Part_Import (CSNBKPI) 204
- Key_Test (CSNBKYT) 208
- Key_Token_Build (CSNBKTB) 211
- Key_Token_Change (CSNBKTC) 214
- Key_Token_Parse (CSNBKTP) 216
- Key_Translate (CSNBKTR) 219
- PKA_Decrypt (CSNDPKD) 223
- PKA_Encrypt (CSNDPKE) 225
- PKA_Encrypt CCA Release 2.54 226
- Ensuring Data Confidentiality 243
- Ensuring Data Integrity 245
- Decipher (CSNBDEC) 247
- Decipher CCA Release 2.54 248
- Encipher (CSNBENC) 250
- CCA Release 2.54 Encipher 251
- MAC_Generate (CSNBMGN) 253
- MAC_Verify (CSNBMVR) 256
- Chapter 7. Key-Storage Verbs 259
- Key-Label Content 260
- DES_Key_Record_List (CSNBKRL) 265
- PKA_Key_Record_List (CSNDKRL) 273
- PKA_Key_Record_Read (CSNDKRR) 275
- Retained_Key_List (CSNDRKL) 280
- Processing Financial PINs 284
- PIN-Verb Summary 287
- Providing Security for PINs 288
- PIN Security 289
- PIN-Calculation Methods 290
- Data_Array 290
- PIN Profile 292
- PIN-Extraction Methods 294
- Working With EMV Smart Cards 295
- Clear_PIN_Encrypt (CSNBCPE) 297
- Clear_PIN_Generate (CSNBPGN) 300
- CVV_Generate (CSNBCSG) 309
- CVV_Verify (CSNBCSV) 312
- PIN_Change/Unblock (CSNBPCU) 334
- SET_Block_Compose (CSNDSBC) 348
- SET_Block_Decompose (CSNDSBD) 352
- Return Codes 361
- Reason Codes 361
- Return Code 0 362
- Return Code 4 363
- Return Code 8 364
- Return Code 12 370
- Return Code 16 371
- Appendix B. Data Structures 373
- Null Key-Token 374
- DES Key-Tokens 375
- External DES Key-Token 377
- RSA PKA Key-Tokens 378
- RSA Key-Token Sections 379
- PKA Key-Token Integrity 380
- Chaining-Vector Records 392
- Key-Storage Records 393
- Key_Record_List Data Set 397
- Role Structure 401
- Aggregate Role Structure 402
- Access-Control-Point List 402
- Default Role Contents 403
- Profile Structure 404
- Aggregate Profile Structure 405
- Authentication Data Structure 405
- User Profile 408
- Role Data Structure 411
- Aggregate Role Data Structure 412
- Function Control Vector 414
- Encryption 417
- Changing Control Vectors 432
- Mask Array Preparation 436
- Notation Used in Calculations 444
- MDC-1 Calculation 444
- MDC-2 Calculation 445
- MDC-4 Calculation 445
- Ciphering Methods 445
- ANSI X9.23 447
- MAC Calculation Methods 453
- RSA Key-Pair Generation 455
- Access-Control Algorithms 456
- ANSI X9.31 Hash Format 459
- PKCS #1 Formats 459
- PIN-Calculation Methods 462
- PIN-Block Formats 469
- 3624 PIN-Block Format 469
- ISO-0 PIN-Block Format 470
- ISO-1 PIN-Block Format 471
- ISO-2 PIN-Block Format 472
- UKPT Calculation Methods 473
- CVV and CVC Method 476
- PIN-Block Self-encryption 479
- Appendix F. Verb List 481
- List of Abbreviations 491
- Glossary 493
- Numerics 499
- PDF File 508
Related products and manuals for Software IBM Computer Hardware 2
Software IBM SG24-5131-00 User Manual
(240 pages)
(240 pages)
Software IBM AS/400 User Manual
(489 pages)
(489 pages)
Software IBM CISCO R2E2 User Manual
(110 pages)
(110 pages)
Software IBM NETCOOL 4.3-W User Manual
(516 pages)
(516 pages)
Software IBM Server OS/390 User Manual
(76 pages)
(76 pages)
Software IBM Switch 15 User Manual
(270 pages)
(270 pages)
Software IBM SC34-7012-01 User Manual
(268 pages)
(268 pages)
Software IBM SC41-5420-04 User Manual
(116 pages)
(116 pages)
Software IBM Transaction Server OS User Manual
(103 pages)
(103 pages)
Software IBM SC34-5764-01 User Manual
(481 pages)
(481 pages)
Software IBM TIVOLI SC32-0129-00 User Manual
(82 pages)
(82 pages)
Software IBM G325-2585-02 User Manual
(90 pages)
(90 pages)
Software IBM SG24-6526-00 User Manual
(184 pages)
(184 pages)
Software IBM SC33-1686-02 User Manual
(317 pages)
(317 pages)
Software IBM 5697-VM3 User Manual
(6 pages)
(6 pages)
Software IBM DS6000 User Manual
(406 pages)
(406 pages)
Software IBM CDI5UG1107 User Manual
(178 pages)
(178 pages)
Software IBM GC28-1982-02 User Manual
(216 pages)
(216 pages)
Software IBM 12.1(22)EA6 User Manual
(550 pages)
(550 pages)
© 2020, manymanuals.com. All rights reserved. | 0.289 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals