DSA—Generate Keys with DSA

Valid on z/OS.

Use the DSA keyword to specify that the key pair is generated using the Digital Signature Algorithm instead of the RSA algorithm. The DSA algorithm creates key pairs that can only be used to sign data. The RSA algorithm creates key pairs that can be used to sign data and to encrypt data. This parameter cannot be used in conjunction with the ICSF or PCICC parameters. When specifying the DSA parameter, the KEYSIZE parameter can be as high as 2048.

This keyword has the following format:

TSS GENCERT(acid) DIGICERT( 8—byte name)
                  SUBJECTN(subject—name)
                  [LABLCERT( label name)]
                  [DSA]
                  [TRUST|NOTRUST]
                  [ICSF/PCICC]

This keyword is used with:

The GENCERT command
The ACID types User, DCA, VCA, ZCA, LSCA, and SCA
ACID(MAINTAIN) and MISC4(CERTGEN) authority for users
MISC4(CERTSITE) for authority CERTSITE ACIDs
MISC4(CERTAUTH) for authority CERTAUTH ACIDs

Examples: DSA keyword

This example uses DSA to generate a key pair:

TSS GENCERT(user1) DIGICERT(cert0001)
                   SUBJECTN(CN=user1certificate)
                   DSA 
                   KEYSIZE(2048)