The GENCERT, REKEY and RENEW command functions have been modified to allow ECC keys to be stored and retrieved from the ICSF PKDS. The GENCERT command can request that ICSF generate the key pair and store the private key. Specify PCICC and LABLPKDS when NISTECC or BPECC is specified to implement these changes. These changes require that ICSF be at the HCR7780 level or higher. If systems that have a back-leveled version of ICSF share the database, the system with the back-leveled ICSF is unable to access the private key.
Note: You no longer are required to specify PCICC to have the hardware generate the key; specifying LABLPKDS is sufficient. This applies to RSA and ECC keys. If you require an RSA key to be in Modulus-Exponent format, specify ICSF.
For additional information, see the Command Functions Guide.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|