I've got questions. :)

> Our scenario:
> We are running z/OS 2.2, Crypto Express 5 and FMID=HCR77B0

This is a little out of service but I think we can make this work.

> We want to calculate a hash using sha-256 with a certain secret key (or
> seed) that is provided by someone external (and given to us). We are not
> sure how to store that key in the CKDS Dataset. The length of the key is 32
> bits and has the form of n(1)n(2)....n(32) where each n(i) is an
> hexadecimal character (I don't know why...)

I assume you mean 32 nibbles long (128 bits) because ICSF won't allow an 
HMAC key of less than 80 bits.

Since you are on HCR77B0, you would convert it to binary and then use 
CSNBSKI2 to import clear key material as a secure key token. Doing this 
will require enabling SSM (special secure mode) in ICSF options dataset.

Then, you can use CSNBKRC2 to put the token into the CKDS.

> We already created and stored an AES master key in the cryptographic
> hardware and we also changed the format of our CKDS in order to use HMAC.

Perfect.

> We tried different ways of putting this key in the CKDS using different
> verbs, like using a REXX example from the web (HMAC Generation from a Clear
> Key)

Do you have a link to that example? CSNBHMG doesn't allow clear key tokens 
until "Cryptographic Support for z/OS V2R2 - z/OS V2R4 (HCR77D1)" (five 
releases after the release you have).

> In our mainframe we want to use the callable service (verb) CSNBHMG in a
> Cobol program to calculate the hash using the key stored in the CKDS. This
> output should be the same as the output using
> (with the same key).

To be clear, that page is treating the data as ASCII, so you will need to 
account for that in your COBOL (ensure that the data is kept as binary 
until it is HMACed).

> Our biggest issue is how to put this secret key (or seed) in the CKDS
> dataset.


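An added example, not part of the original message and not ICSF code: an off-platform Python reference for cross-checking a CSNBHMG result. It shows the hex-to-binary key conversion, the 80-bit minimum cited above, and how ASCII versus EBCDIC encoding of the same text changes the MAC. The function names are hypothetical, cp037 is an assumed EBCDIC code page, and the check vector is RFC 4231 test case 1 rather than a value from the thread.

```python
import hashlib
import hmac

MIN_HMAC_KEY_BITS = 80  # minimum HMAC key size the reply cites for ICSF


def key_from_hex(hex_text: str) -> bytes:
    """Convert an externally supplied hex string into binary key material."""
    cleaned = "".join(hex_text.split())  # tolerate spaces and line breaks
    if len(cleaned) % 2:
        raise ValueError("odd number of hex characters")
    key = bytes.fromhex(cleaned)  # two hex characters (nibbles) per byte
    if len(key) * 8 < MIN_HMAC_KEY_BITS:
        raise ValueError(f"key is {len(key) * 8} bits, below {MIN_HMAC_KEY_BITS}")
    return key


def reference_hmac(key: bytes, text: str, codec: str = "ascii") -> str:
    """HMAC-SHA-256 over the text as encoded in the given code page."""
    return hmac.new(key, text.encode(codec), hashlib.sha256).hexdigest().upper()


# RFC 4231 test case 1: key is 20 bytes of 0x0b, data is "Hi There".
RFC4231_KEY_HEX = "0b" * 20
RFC4231_TEXT = "Hi There"
RFC4231_MAC = "B0344C61D8DB38535CA8AFCEAF0BF12B881DC200C9833DA726E9376C2E32CFF7"

if __name__ == "__main__":
    key = key_from_hex(RFC4231_KEY_HEX)
    print("ASCII  data :", RFC4231_TEXT.encode("ascii").hex().upper())
    print("EBCDIC data :", RFC4231_TEXT.encode("cp037").hex().upper())
    print("MAC (ASCII) :", reference_hmac(key, RFC4231_TEXT, "ascii"))
    print("MAC (EBCDIC):", reference_hmac(key, RFC4231_TEXT, "cp037"))
    # Using the hex characters themselves as the key gives a different MAC,
    # which is why the key must be converted to binary before import.
    wrong_key = RFC4231_KEY_HEX.encode("ascii")
    print("MAC (hex text used as key):",
          reference_hmac(wrong_key, RFC4231_TEXT, "ascii"))
```

If the mainframe result matches the EBCDIC line instead of the ASCII line, the input was not kept as the original binary before the HMAC call.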