Thanks very much for the big help. I had no idea that creating a new RSA token could also create an instantly workable token. For some reason I was under the impression a create or import function was required to make the new token usable.

I'll test this out today.

Developer, but does everything.

Original Message:

Sent: Thu February 15, 2024 11:53 PM

From: Eleanor Chan

Subject: using just the RSA keys without certificate wrappers

Yes, you can use CSNDPKB. Here is some sample rexx.

RSA_Mod2048_public_exponent = '00010001'x

RSA_Mod2048_modulus = ,
  'C22B24A1DA33FBB74F9B152A32DF35F4DD501F35684E4A4DE2B1344E93C00B27'x||,
  '1A3DC0321B1D71A96ED3BB14D46FC4B8814964B20879BB64CD293336543878F2'x||,
  'B35BE326A4F18BA3A1322D31AB5358C4BA91E90B67FCAB5D084E14D5B70BF738'x||,
  '2753480B7318AFB98409FF9CBE38421B7BCCBCF1978FEF5F63D79CFFA8251838'x||,
  '2AA8D48C7E71BBE26B68970F7AA06FBC5E684362DCBC9FB269C357C2F8505778'x||,
  'CAD327B0F893C532636C50E15A593B42EB74EE178530B2B9462E9C2620CCFE93'x||,
  '8C145E40EEEB50218EBE04E7951FDB8F47675F0E61ACF363B36AFF3D87E76924'x||,
  '29339BEBAF8D7956E151706F978EDFA0CD91B3CC38D460491149A6F9ACEA8403'x

/*********************************************************************/
/* Build the RSA public key                                          */
/*********************************************************************/
PKB_rule_array_count = '00000001'x
PKB_rule_array       = 'RSA-PUBL' ;
PKB_kvs = '0800'x ||,                  /* modulus bit length     */
          '0100'x ||,                  /* modulus field length   */
          '0004'x ||,                  /* pub exp field length   */
          '0000'x ||,                  /* priv exp field length  */
          RSA_Mod2048_modulus ||,
          RSA_Mod2048_public_exponent
PKB_kvs_length = d2c(length(PKB_kvs),4)

------------------------------

Eleanor Chan
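
The key value structure from the REXX sample above, as an added Python example that is not part of the original thread or of any IBM sample: it packs a raw modulus into the same four-field header layout and checks it for consistency before it is handed to a token-build call. The function names and the sample modulus are constructed for illustration, the layout is assumed to be exactly what the sample shows, and nothing here calls ICSF.

```python
import struct

DEFAULT_EXPONENT = bytes.fromhex("00010001")  # 65537, as in the REXX sample


def build_rsa_publ_kvs(modulus: bytes, exponent: bytes = DEFAULT_EXPONENT) -> bytes:
    """Pack a raw big-endian modulus into the header-plus-data layout."""
    modulus = modulus.lstrip(b"\x00")  # DER INTEGERs often carry a leading 0x00
    if not modulus or modulus[-1] & 1 == 0:
        raise ValueError("RSA modulus must be a non-zero odd number")
    e = int.from_bytes(exponent, "big")
    if e < 3 or e % 2 == 0:
        raise ValueError("public exponent must be odd and at least 3")
    bits = int.from_bytes(modulus, "big").bit_length()
    # modulus bit length, modulus field length, pub exp length, priv exp length
    header = struct.pack(">HHHH", bits, len(modulus), len(exponent), 0)
    return header + modulus + exponent


def parse_rsa_publ_kvs(kvs: bytes) -> dict:
    """Split a structure back into fields, rejecting inconsistent lengths."""
    if len(kvs) < 8:
        raise ValueError("structure shorter than its 8-byte header")
    bits, mod_len, exp_len, priv_len = struct.unpack(">HHHH", kvs[:8])
    if priv_len != 0:
        raise ValueError("private exponent present in a public-key structure")
    if len(kvs) != 8 + mod_len + exp_len:
        raise ValueError("field lengths do not match the data that follows")
    modulus = kvs[8:8 + mod_len]
    if int.from_bytes(modulus, "big").bit_length() != bits:
        raise ValueError("modulus bit length does not match the header")
    return {"bits": bits, "modulus": modulus, "exponent": kvs[8 + mod_len:]}


# Constructed 256-byte value with the right shape; not a real RSA modulus.
SAMPLE_MODULUS = b"\xC2" + bytes(254) + b"\x01"

if __name__ == "__main__":
    kvs = build_rsa_publ_kvs(SAMPLE_MODULUS)
    print(kvs[:8].hex(), len(kvs))
```
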

Original Message:

Sent: Thu February 15, 2024 06:07 PM

From: Mark Vollmer

Subject: using just the RSA keys without certificate wrappers

Thanks. Unfortunately all I have is a public 256 byte RSA key. I've looked into PKA Key Import function. It says it imports only pub-priv key pairs. And all I have is a public RSA key.

Can the PKA Key Import function import just a 256 byte RSA key? Is there another function I can use to import this RSA key into a token I can use for the CSNDSYX call?

Thanks,

Mark

------------------------------

Mark Vollmer

Developer, but does everything.

CV Systems, LLC

Original Message:

Sent: Thu February 15, 2024 10:52 AM

From: Eleanor Chan

Subject: using just the RSA keys without certificate wrappers

CSNDSYX will accept

- an RSA public key token or key label
- an RSA private key token or key label
- an X.509 certificate containing the RSA public key

------------------------------

Eleanor Chan

Original Message:

Sent: Thu February 15, 2024 10:10 AM

From: Mark Vollmer

Subject: using just the RSA keys without certificate wrappers

I get to work with a system that does not supply public keys in certificate form. I get only the key. I'm supposed to use a default for the exponent.

One call I'd like to make is to use the RSA public key to encrypt a DES key. I believe that I'd use Symmetric Key Export (CSNDSYX) to perform that function. However, reading the documentation does appear to require X.509 certificates for the RSA keys. Am I reading this wrong?

Should I and could I get the RSA key into some CCA token form that is usable by CSNDSYX?

Multiple Clear Key Import does not work on RSA keys.

Guidance on how to make this happen would very much be appreciated.

Thanks,

------------------------------

Mark Vollmer

Developer, but does everything.

CV Systems, LLC

------------------------------