Join the IBM Crypto Education community to explore and understand IBM cryptography technology. This community is operated and maintained by the IBM Crypto Development team.
Cryptographic libraries have always had ways to calculate key verification patterns in order to confirm that the key sent by one party is the same key received by another.
Recently, it was pointed out that ICSF (implementing CCA) and TKE do not always use the same method, leading to difficulty in verifying that an operational key loaded by TKE is indeed the same one that ICSF has in its CKDS.
Here is a REXX sample that will take a CKDS label and return all the possible verification patterns for the key token or key block. Clear keys are not supported at this time to keep the sample simple. Let me know if this is something that is wanted.