David, thanks. I had not parsed "cryptographic" that finely. Isn't SHA512 a 
*cryptographic* hash? Who knows if IBM is being that precise? Good thought.

I'm looking at https://ibm.co/2AqCDam (I'm running on V2R2.) It looks to me 
like SHA-512 and RSA 2048 are supported in FIPS mode.

Could it be something in the CA certificate? It looks like it is SHA-256 RSA 
2048, so it should be good also.

Grrr. Is there any way to get more diagnostic information out of gskkyman? Hmmm 
-- I see the GSK trace. I will try that.

I hate obscure error messages. Tell me what you are objecting to, darn it!

Charles


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of David W Noon
Sent: Monday, November 6, 2017 4:04 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: What cryptographic algorithm is not supported?

On Mon, 6 Nov 2017 14:32:01 -0800, Charles Mills (charl...@mcn.org) wrote about 
"What cryptographic algorithm is not supported?" (in
<210a01d3574f$11063a10$3312ae30$@mcn.org>):

> I am trying to load a certificate and key into a FIPS-140 GSK 
> database. I am getting Status 0x03353003 - Cryptographic algorithm is 
> not supported. How would I know exactly what algorithm it is 
> complaining about? Here's an extract from the certificate and key:

You have 2 lines that mention algorithms:

>     Signature Algorithm: sha512WithRSAEncryption

>             Public Key Algorithm: rsaEncryption

(There is actually a 3rd one, but it is the same as the first.)

Now, SHA512 is a hashing algorithm, so that leaves RSA as your crypto algorithm.

I don't know why RSA would be unsupported, as it has been around since the late 
1970's. I can only infer that it has been dropped.
--
Regards,

Dave  [RLU #314465]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
david.w.n...@googlemail.com (David W Noon)
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

 

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Reply via email to