82:7D:1F:EF:53:DB:3D:E1:14:62:03:49:34:16:A2:92:D9:46:51:1E
> Sent: Tuesday, November 07, 2017 at 10:40 AM
> From: "Charles Mills"
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: What cryptographic algorithm is not supported?
>
> That could be another thread "most us
SERV.UA.EDU] On Behalf
Of Kirk Wolf
Sent: Tuesday, November 7, 2017 8:07 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: What cryptographic algorithm is not supported?
Its not the worst diagnostic situation that I have seen on z/OS ( that award
would go to the C-library OS I/O stuff IMO).
In
IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: What cryptographic algorithm is not supported?
>
> Okay, I got trace information out of gskkyman. What do you make of this?
>
> INFO crypto_des3_encrypt_ctx(): Clear key DES3 encryption performed for 8
> bytes
> INFO cryp
On Tue, 7 Nov 2017 08:53:48 -0600, Edward Gould wrote:
>
>May I make an observation, please?
>
>... IBM standards which indicate e,s,i etc at the end to indicate severity ...
>
Oh, come on! As long as I can remember, various fatal JCL and excution error
messages have had an "I" suffix. This seem
> On Nov 6, 2017, at 7:55 PM, Charles Mills wrote:
>
> Got it! The only password encryption algorithm (PBE) supported for FIPS mode
> is pbeWithSha1And3DesCbc.
>
> In OpenSSL PCKS12, I needed to add -certpbe PBE-SHA1-3DES
>
> Sheesh! Would a more specific error message kill them?
>
> Charles
I see what you did there ;-)
On Tue, Nov 7, 2017 at 1:34 AM, Timothy Sipples wrote:
> However, it'd be lovely if you would submit a RFE (not PMR) to IBM to
> expand that PBE-related GSK error message handling in some reasonable way
> PDQ, possibly resulting in a PTF that you'd install in zFS via
In fairness, "PBE" (Password-Based Encryption) is a common term of art in
cryptography. OpenSSL and LibreSSL are among the many tools that use the
same TLA (three letter acronym) copiously.
However, it'd be lovely if you would submit a RFE (not PMR) to IBM to
expand that PBE-related GSK error mess
[mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Charles Mills
Sent: Monday, November 6, 2017 5:41 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: What cryptographic algorithm is not supported?
Okay, I got trace information out of gskkyman. What do you make of this?
INFO crypto_des3_encrypt_ctx(): Clear
n List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Charles Mills
Sent: Monday, November 6, 2017 5:00 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: What cryptographic algorithm is not supported?
David, thanks. I had not parsed "cryptographic" that finely. Isn't SHA512 a
*cryptographic* hash? W
are objecting to, darn it!
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of David W Noon
Sent: Monday, November 6, 2017 4:04 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: What cryptographic algorithm is not supported?
On Mon,
On Mon, 6 Nov 2017 14:32:01 -0800, Charles Mills (charl...@mcn.org)
wrote about "What cryptographic algorithm is not supported?" (in
<210a01d3574f$11063a10$3312ae30$@mcn.org>):
> I am trying to load a certificate and key into a FIPS-140 GSK database. I am
> get
X-Posted IBM-MAIN and MVS-OE.
I am trying to load a certificate and key into a FIPS-140 GSK database. I am
getting Status 0x03353003 - Cryptographic algorithm is not supported. How
would I know exactly what algorithm it is complaining about? Here's an
extract from the certificate and key:
C
12 matches
Mail list logo
