In the end I had to use ICSF callable services as the use of an assembler routine was vetoed. Pity about that. However I do still have some questions about the use of ICSF in this case.
First I tried this: call csnbktb - build a token: --key_type = 'CLRDES --rule array = 'INTERNAL','DES','KEYLN8' --key_value = the eight byte DES key X'0123456789ABCDEF' Here's the token it built: 000000000000000002468ACE0000000000000000000000000000000000008C15 100000000000000013579BDF000000000000000000000000000000000000BF36 call csnbenc - encipher --key_identifier = the token created above --plaintext = eight bytes of plain text in ASCII --rule_array = 'CBC' This ended with return code 8 reason: 02F (47) A source key token is unusable because it contains data that is not valid or undefined. I was then told that an old module already existed which I could call to do this. I did, and it worked. It seems rather long winded though. It does this: CALL CSFKTB - build a token --KEY_TYPE = 'DATA ' --RULE ARRAY = 'INTERNAL' --KEY VALUE = 16 spaces CALL CSFSKI - Secure key import --KEY_TYPE = 'DATA ' --CLEAR_KEY = the eight byte DES key X'0123456789ABCDEF' --KEY_FORM = 'OP ' --key_identifier = the token generated by CSFKTB above CALL CSFENC - encipher --key_identifier = the token processed by CSFSKI above --clear_text = eight bytes of plain text in ASCII --rule_array = 'CUSP ' --cipher_text = output area for enciphered text This works, but why is it necessary to use 'CSFSKI - Secure key import' which according to the manual does this: "Use the secure key import callable service to encipher a single-length or double-length clear key under the system master key" ? So it seems my eight byte DES key of X'0123456789ABCDEF' is encrypted and then decrypted so that it can be used to encrypt the plain text. That doesn't seem to make sense to me. Any comments would be very welcome. Regards, John. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
