Keywords › DSA—Generate Keys with DSA

DSA—Generate Keys with DSA

Valid on z/OS.

Use the DSA keyword to specify that the key pair is generated using the Digital Signature Algorithm instead of the RSA algorithm. The DSA algorithm creates key pairs that can only be used to sign data. The RSA algorithm creates key pairs that can be used to sign data and to encrypt data. This parameter cannot be used with the ICSF, PCICC, NISTECC, or BPECC parameters. When specifying the DSA parameter, the KEYSIZE parameter can be as high as 2048.

This keyword has the following format:

TSS GENCERT(acid) DIGICERT( 8—byte name)
                  SUBJECTN(subject—name)
                  [LABLCERT( label name)]
                  [DSA]
                  [TRUST|NOTRUST]
	          KEYSIZE(512-2048)

This keyword is used with:

• The GENCERT and REKEY commands
• The ACID types User, DCA, VCA, ZCA, LSCA, and SCA
• ACID(MAINTAIN) and MISC4(CERTGEN) authority for users
• MISC4(CERTSITE) for authority CERTSITE ACIDs
• MISC4(CERTAUTH) for authority CERTAUTH ACIDs

Examples: DSA keyword

This example uses DSA to generate a key pair:

TSS GENCERT(user1) DIGICERT(cert0001)
                   SUBJECTN(CN=user1certificate)
                   DSA 
                   KEYSIZE(512)