Key Management Service Calls




GENPUBKEYPAIR

Parameter Descriptions:

ALGID:
Specifies the algorithm used for enciphering:

ENCRYPTEXP:
Specifies the encryption exponent used:

LEN:
Specifies the length of the keys in bits

PRIKEYID:
Specifies the address that points to the character string containing the identity of the private key.

PUBKEY:
Specifies the address that points to the string of bytes containing the public key data.

STATUS:
Specifies the address that points to the data storage that will receive the result of processing the service call.

Based on the ALGID and ENCRYPTEXP specified, this service call generates a public/private key pair of length LEN indexed by the user identification known by the host. The private key is stored in secure memory as PRIKEYID. The service call returns the PUBKEY and the resulting STATUS to the host.

STORECERTIFICATE

Parameter Descriptions:

CERTLEN:
Specifies the length of the certificate in bytes

CERTIFICATE:
Specifies the address that points to the string of bytes containing the signed data item produced when a Certification Authority representing an organization applies a digital signature to a collection of data consisting of, at minimum, the following information: USERID, CAID, CASERIALNO, PUBKEY, EXPDATE, ALGID.

CERTID:
Specifies the address that points to the character string containing the identity of the certificate

STATUS:
Specifies the address that points to the data storage that will receive the result of processing the service call.

This service call stores the contents of CERTIFICATE of length CERTLEN in the Cryptographic Module (CM) under the identity of CERTID and returns the resulting STATUS to the host.

RETRIEVECERTIFICATE

Parameter Descriptions:

CERTID:
Specifies the address that points to the character string containing the identity of the certificate

CERTLEN:
Specifies the length of the certificate in bytes

CERTIFICATE:
Specifies the address that points to the string of bytes containing the signed data item produced when a Certification Authority representing an organization applies a digital signature to a collection of data consisting of, at minimum, the following information: USERID, CAID, CASERIALNO, PUBKEY, EXPDATE, ALGID.

STATUS:
Specifies the address that points to the data storage that will receive the result of processing the service call.

This service call retrieves the CERTIFICATE identified by CERTID from the Cryptographic Module (CM). It returns the CERTIFICATE, the length of the certificate CERTLEN, and the resulting STATUS to the host.

DELETEPRIKEY

Parameter Descriptions:

PRIKEYID:
Specifies the address that points to the character string containing the identity of the private key

STATUS:
Specifies the address that points to the data storage that will receive the result of processing the service call.

This service call allows the private key associated with PRIKEYID to be deleted by the owner of that key. The service call returns the resulting STATUS to the host.

*DELETECERTIFICATE

Parameter Descriptions:

CERTID:
Specifies the address that points to the character string containing the identity of the certificate

STATUS:
Specifies the address that points to the data storage that will receive the result of processing the service call.

This service call deletes the certificate associated with CERTID. The service call returns the resulting STATUS to the host.

PUBEXPORTKEY

Parameter Descriptions:

ALGID:
Specifies the algorithm used for enciphering:

KEYID:
Specifies the address that points to the character string containing the name of the key to be exported

CERTID:
Specifies the address that points to the character string containing the identity of the certificate

ENCRYPTEDKEY:
Specifies the address that points to the string of bytes containing the encrypted key value of KEYID

STATUS:
Specifies the address that points to the data storage that will receive the result of processing the service call.

This service call uses the ALGID specified along with the public key obtained from the certificate associated with CERTID in the Cryptomodule's Database, and uses this key to RSA encrypt the key associated with KEYID. It returns the ENCRYPTEDKEY and the resulting STATUS to the host.

PUBIMPORTKEY

Parameter Descriptions:

ALGID:
Specifies the algorithm used for enciphering:

KEYID:
Specifies the address that points to the character string containing the name of the key to be imported

PRIKEYID:
Specifies the address that points to the character string containing the identity of the private key used to decipher KEYID

ENCRYPTEDKEY:
Specifies the address that points to the string of bytes containing the encrypted key value of KEYID

STATUS:
Specifies the address that points to the data storage that will receive the result of processing the service call.

This service call uses the ALGID specified to retrieve the private key associated with PRIKEYID and the user identification supplied by the host from the Cryptomodule's Database and uses this key to RSA decrypt the key associated with ENCRYPTEDKEY. It stores the decrypted key called KEYID in the Key Database and returns the resulting STATUS to the host.
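The following is an added model of the PUBEXPORTKEY and PUBIMPORTKEY calls described above, not code from the document or from any implementation of this interface. It keeps the three stores the calls operate on (private keys, which never leave the module; certificates; and the key database), and the RSA parameters, status names and identifiers are constructed assumptions used only to make the data flow visible.

```python
# Constructed model of a Cryptographic Module (CM) for PUBEXPORTKEY / PUBIMPORTKEY.
# The RSA pair below is an insecure demo pair (tiny modulus); status names are assumed.
from dataclasses import dataclass, field

STATUS_OK, STATUS_NO_KEY, STATUS_NO_CERT, STATUS_BAD_ALG = "OK", "NO_KEY", "NO_CERT", "BAD_ALG"
ALG_RSA = "RSA"

# Constructed demo primes; a real module generates LEN-bit keys in GENPUBKEYPAIR.
_P, _Q, _E = 61, 53, 17
_N = _P * _Q                                  # 3233
_D = pow(_E, -1, (_P - 1) * (_Q - 1))         # 2753


@dataclass
class CryptoModule:
    private_keys: dict = field(default_factory=dict)  # PRIKEYID -> (n, d), stays inside the CM
    certificates: dict = field(default_factory=dict)  # CERTID -> USERID, CAID, ..., PUBKEY, ALGID
    key_database: dict = field(default_factory=dict)  # KEYID -> key value (an int < n here)

    def pub_export_key(self, algid, keyid, certid):
        """PUBEXPORTKEY: return (ENCRYPTEDKEY, STATUS), KEYID encrypted under CERTID's public key."""
        cert = self.certificates.get(certid)
        if cert is None:
            return None, STATUS_NO_CERT
        if algid != ALG_RSA or cert["ALGID"] != algid:
            return None, STATUS_BAD_ALG
        if keyid not in self.key_database:
            return None, STATUS_NO_KEY
        n, e = cert["PUBKEY"]
        return pow(self.key_database[keyid], e, n), STATUS_OK

    def pub_import_key(self, algid, keyid, prikeyid, encryptedkey):
        """PUBIMPORTKEY: decrypt ENCRYPTEDKEY with PRIKEYID, store it as KEYID, return STATUS."""
        if algid != ALG_RSA:
            return STATUS_BAD_ALG
        if prikeyid not in self.private_keys:
            return STATUS_NO_KEY
        n, d = self.private_keys[prikeyid]
        self.key_database[keyid] = pow(encryptedkey, d, n)  # private key never leaves the CM
        return STATUS_OK


def demo_roundtrip(key_value=1234):
    # Move a key from module A to module B: A holds B's certificate, B holds the private key.
    b = CryptoModule(private_keys={"prikey-B": (_N, _D)})
    a = CryptoModule(key_database={"session-key": key_value})
    a.certificates["cert-B"] = {"USERID": "userB", "CAID": "ca-1", "CASERIALNO": 1,
                               "PUBKEY": (_N, _E), "EXPDATE": "1995-12-31", "ALGID": ALG_RSA}
    enc, status = a.pub_export_key(ALG_RSA, "session-key", "cert-B")
    if status != STATUS_OK:
        return None, status
    status = b.pub_import_key(ALG_RSA, "session-key", "prikey-B", enc)
    return b.key_database.get("session-key"), status
```

Only the encrypted key value crosses between modules; the private key is consulted inside pub_import_key and is never returned to the host.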






John Barkley
Fri Oct 7 16:17:21 EDT 1994