That could be another thread "most useless diagnostic ever." Right, that is the API call (apparently) that failed, but I don't think one knows that just from the error message. As I said, I got the same error message for presenting a certificate with a SHA-1 digest (I think). Presumably a different CMS API call but the same external message. Different action for the user.
I display certificates all the time. My script that issues OpenSSL certificates displays them at the end. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Kirk Wolf Sent: Tuesday, November 7, 2017 8:07 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: What cryptographic algorithm is not supported? Its not the worst diagnostic situation that I have seen on z/OS ( that award would go to the C-library OS I/O stuff IMO). In this case, the external API that failed is gsk_decode_import_key(), and if you look it up the error that you are getting is documented: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.gska100/msg34.htm The algorithm codes can be found in /usr/include gskcms.h x509_alg_pbeWithSha1And40BitRc2Cbc = 36, /* 1.2.840.113549.1.12.1.6 */ Kirk Wolf Dovetailed Technologies http://dovetail.com PS> If you want some "fun", take you X.509 cert and load it into a PS> ASN.1 tool that displays the whole ugly thing ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
