On Fri, 13 Aug 2021 16:16:37 -0300, Isabel wrote:
>
>Our scenario:
>We are running z/OS 2.2, Crypto Express 5 and FMID=HCR77B0
>
>We want to calculate a hash using sha-256 with a certain secret key (or
>seed) that is provided by someone external (and given to us). We are not
>sure how to store that key in the CKDS Dataset. The length of the key is 32
>bits and has the form of n(1)n(2)....n(32) where each n(i) is an
>hexadecimal character (I don't know why...)
>
Are you trying to generate a digital signature? Or transmit a message
securely? It's a well-traveled winding trail:
https://www.newera.com/INFO/Digital_Certificates_6-30-21.pdf
There's also a video. I don't find a URL readily. Is "someone external"
reinventing the wheel?
>We already created and stored an AES master key in the cryptographic
>hardware and we also changed the format of our CKDS in order to use HMAC.
>
>We tried different ways of putting this key in the CKDS using different
>verbs, like using a REXX example from the web (HMAC Generation from a Clear
>Key )
>
> In our mainframe we want to use the callable service (verb) CSNBHMG in a
>Cobol program to calculate the hash using the key stored in the CKDS. This
>output should be the same as the output using
>https://www.freeformatter.com/hmac-generator.html#ad-output (with the same
>key).
>
>Our biggest issue is how to put this secret key (or seed) in the CKDS
>dataset.
-- gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
