My requirement is to generate PKA key pair and create signature on some data elements and send to other party, the other party will have my public key so it can verify my signature

The API I am using is

1. Create PKA Key token CSNDPKB

Key structure is

Modlen = 2048

Pubexplen = 3

Pubexp = 65537*256

Rule array = RSA-AESM + SIG-ONLY

Key token is built successfully

2. Generate PKA Key pair CSNDPKG

Rule Array = MASTER

Keyname = 'Test.PKA.01'

KeyNMLen = 64

Source Token length  = Length of source Token

Source Token  = Toke return from CSNDPKB

This API is work, and the PKA key pair is key store created as internal Key

3. Using step 2 Key pair to generate/Verify signature without any problem, 

4. When try to use CSNDPKX to extract public key

KeyNMlen = 3500

Keyname = 'Test. PKA.01'

it always return 8/47, "the source key token is unusable", so I dont believe the problem is in CSNDPKX, problem something wrong in CSNDPKB or CSNDPKG, 

does anyone know what is the problem or have sample code to yse CSNDPKB/CSNDPKG to create 2048 bits PKA key pair and can extract public key for other application

Hello James,

Are you passing a key token or key label to CSNDPKX?  If token, the length must be the actual length of the token.  If label, the length must be 64 bytes and the key label must be left justified and padded on the right with blanks .

Here is a sample:

https://www.ibm.com/developerworks/community/blogs/79c1eec4-00c4-48ef-ae2b-01bd8448dd6c/entry/Sample_Generate_an_RSA_key_to_use_for_generating_a_digital_signature_using_the_RSA_PKCS_PSS_formatting_method?lang=en_us

Hi, EChan

IBM has applied PTF SI68891, my code works now, thanks your informaiton