David, thanks. I had not parsed "cryptographic" that finely. Isn't SHA512 a *cryptographic* hash? Who knows if IBM is being that precise? Good thought.
I'm looking at https://ibm.co/2AqCDam (I'm running on V2R2.) It looks to me like SHA-512 and RSA 2048 are supported in FIPS mode.

Could it be something in the CA certificate? It looks like it is SHA-256 RSA 2048, so it should be good also. Grrr.

Is there any way to get more diagnostic information out of gskkyman? Hmmm -- I see the GSK trace. I will try that.

I hate obscure error messages. Tell me what you are objecting to, darn it!

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of David W Noon
Sent: Monday, November 6, 2017 4:04 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: What cryptographic algorithm is not supported?

On Mon, 6 Nov 2017 14:32:01 -0800, Charles Mills (charl...@mcn.org) wrote about "What cryptographic algorithm is not supported?" (in <210a01d3574f$11063a10$3312ae30$@mcn.org>):

> I am trying to load a certificate and key into a FIPS-140 GSK
> database. I am getting Status 0x03353003 - Cryptographic algorithm is
> not supported. How would I know exactly what algorithm it is
> complaining about? Here's an extract from the certificate and key:

You have 2 lines that mention algorithms:

> Signature Algorithm: sha512WithRSAEncryption
> Public Key Algorithm: rsaEncryption

(There is actually a 3rd one, but it is the same as the first.)

Now, SHA512 is a hashing algorithm, so that leaves RSA as your crypto algorithm. I don't know why RSA would be unsupported, as it has been around since the late 1970's. I can only infer that it has been dropped.
--
Regards,

Dave [RLU #314465]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
david.w.n...@googlemail.com (David W Noon)
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN