Encrypt Data (QC3ENCDT, Qc3EncryptData) API
Required Parameter Group:
1 | Clear data | Input | Char(*) |
2 | Length of clear data | Input | Binary(4) |
3 | Clear data format name | Input | Char(8) |
4 | Algorithm description | Input | Char(*) |
5 | Algorithm description format name | Input | Char(8) |
6 | Key description | Input | Char(*) |
7 | Key description format name | Input | Char(8) |
8 | Cryptographic service provider | Input | Char(1) |
9 | Cryptographic device name | Input | Char(10) |
10 | Encrypted data | Output | Char(*) |
11 | Length of area provided for encrypted data | Input | Binary(4) |
12 | Length of encrypted data returned | Output | Binary(4) |
13 | Error code | I/O | Char(*) |
Service Program Name: QC3DTAEN
Default Public Authority: *USE
Threadsafe: Yes
The Encrypt Data (OPM, QC3ENCDT; ILE, Qc3EncryptData) API protects data privacy by scrambling clear data into an unintelligible form. To recover the clear data from the encrypted data, use the Decrypt Data (OPM, QC3DECDT; ILE, Qc3DecryptData) API.
Information on cryptographic standards can be found in Create Algorithm Context (OPM, QC3CRTAX; ILE, Qc3CreateAlgorithmContext) API.
Authorities and Locks
- Required device description authority
- *USE
- Required file authority
- *OBJOPR, *READ
Required Parameter Group
- Clear data
- INPUT; CHAR(*)
The data to encrypt.
The format of the clear data is specified in the clear data format name parameter - Length of clear data
- INPUT; BINARY(4)
For clear data format DATA0100, this is the length of the data to encrypt. For restrictions on the length of clear data, refer to the clear data length field below.
For clear data format DATA0200, this is the number of entries in the array. - Clear data format name
- INPUT; CHAR(8)
The format of the clear data parameter.
The possible format names follow.- DATA0100
- The clear data parameter contains the data to encrypt.
- DATA0200
- The clear data parameter contains an array of pointers and lengths to the
data to encrypt.
See Clear Data Formats for a description of this format.
- Algorithm description
- INPUT; CHAR(*)
The algorithm and associated parameters for encrypting the data.
The format of the algorithm description is specified in the algorithm description format name parameter. - Algorithm description format name
- INPUT; CHAR(8)
The format of the algorithm description.
The possible format names follow.- ALGD0100
- The token for an algorithm context. This format must be used when
performing the encrypt operation over multiple calls. After the last call (when
the final operation flag is on), the context will reset to its initial state
and can be used in another API. To create an algorithm context, use
the Create Algorithm Context (OPM, QC3CRTAX; ILE,
Qc3CreateAlgorithmContext) API.
- ALGD0200
- Parameters for a block cipher algorithm (DES, Triple DES, AES, and
RC2).
- ALGD0300
- Parameters for a stream cipher algorithm (RC4-compatible).
- ALGD0400
- Parameters for a public key algorithm (RSA).
See Algorithm Description Formats for a description of these formats.
- Key description
- INPUT; CHAR(*)
The key to use for encrypting the data.
The format of the key description is specified in the key description format name parameter.
If the encrypt operation extends over multiple calls (see ALGD0100 description above), only the key description from the first call will be used. Therefore, on subsequent calls, you may set the pointer to this parameter to NULL. - Key description format name
- INPUT; CHAR(8)
The format of the key description.
If the pointer to the key description parameter is NULL, this parameter will be ignored.
The possible format names follow.- KEYD0100
- Key context token. This format identifies a key context. A key context is
used to store a key value so it need not be recreated or retrieved every time it
is used. To create a key context, use the
Create Key Context (OPM, QC3CRTKX;
ILE, Qc3CreateKeyContext) API.
- KEYD0200
- Key parameters.
- KEYD0400
- Keystore label. This format identifies a key from keystore. For more
information on cryptographic services keystore, see the Cryptographic Services Keystore topic.
- KEYD0500
- PKCS5 passphrase. This format derives a key using RSA Data Security,
Inc. Public-Key Cryptography Standard (PKCS) #5.
- KEYD0600
- PEM certificate. This format uses the PKA key in an ASCII encoded
PEM based certificate.
- KEYD0700
- Certificate label. This format uses the public PKA key identified by a
label into system certificate keystore (*SYSTEM).
- KEYD0800
- Distinguished name. This format uses the public PKA key identified by a
distinguished name for a certificate in system certificate keystore
(*SYSTEM).
- KEYD0900
- Application identifier. This format uses the private PKA key identified by
an application identifier. The application identifier must be assigned to a
valid certificate label in system certificate keystore (*SYSTEM).
See Key Description Formats for a description of these formats.
- Cryptographic service provider
- INPUT; CHAR(1)
The cryptographic service provider (CSP) that will perform the encryption operation.
0 Any CSP.
The system will choose an appropriate CSP to perform the encryption operation.1 Software CSP.
The system will perform the encryption operation using software. If the requested algorithm is not available in software, an error is returned.2 Hardware CSP.
The system will perform the encryption operation using cryptographic hardware. If the requested algorithm is not available in hardware, an error is returned. A specific cryptographic device can be specified using the cryptographic device name parameter. If the cryptographic device is not specified, the system will choose an appropriate one.
- Cryptographic device name
- INPUT; CHAR(10)
The name of a cryptographic device description.
This parameter is valid when the cryptographic service provider parameter specifies 2 (hardware CSP). Otherwise, this parameter must be blanks or the pointer to this parameter set to NULL. - Encrypted data
- OUTPUT; CHAR(*)
The area to store the encrypted data.
- Length of area provided for encrypted data
- INPUT; BINARY(4)
The length of the encrypted data parameter.
If the mode of operation is CFB 1-bit, this length must be specified in bits.
If the length of area provided for encrypted data is too small, an error will be generated and no data will be returned in the encrypted data parameter. -
Block ciphers The encrypted data parameter must be greater than or equal to the length of clear data. If padding and performing final processing, the encrypted data parameter must be large enough to include the pad characters. For more information, refer to the pad option description. Stream ciphers The encrypted data parameter must be greater than or equal to the length of clear data. PKA ciphers The encrypted data parameter must be greater than or equal to the key size.
- Length of encrypted data returned
- OUTPUT; BINARY(4)
The length of encrypted data returned in the encrypted data parameter.
If the mode of operation is CFB 1-bit, this length will be returned in bits.
- Error code
- I/O; CHAR(*)
The structure in which to return error information.
For the format of the structure, see Error code parameter.
Clear Data Formats
For detailed descriptions of the table fields, see Clear Data Formats Field Descriptions.DATA0200 Format
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
These fields repeat. | PTR(SPP) | Clear data pointer | |
BINARY(4) | Clear data length | ||
CHAR(12) | Reserved |
Clear Data Formats Field Descriptions
- Clear data length
- The length of data to encrypt. Some cipher algorithms have restrictions on the clear data length.
-
- DES, Triple DES, AES, RC2
- When mode is 0 (ECB), 1 (CBC), 2 (OFB), or 5 (CFB 64-bit) and pad option is 0 (no pad), the total of the clear data lengths for the entire encrypt operation must be a multiple of the block length. For mode 3 (CFB 1-bit), the clear data length is specified in bits, not bytes.
- RSA
- For PKA block formats 0, 1, and 2, the clear data length must be at least 11 bytes shorter than the key size. For PKA block format 4, the data to encrypt must be shorter than or equal to the key size.
- Clear data pointer
- A space pointer to the data to encrypt.
- Reserved
- Must be null (binary 0s).
Algorithm Description Formats
For detailed descriptions of the table fields, see Algorithm Description Formats Field Descriptions. For algorithm standards and resources, see Create Algorithm Context (OPM, QC3CRTAX; ILE, Qc3CreateAlgorithmContext) API.ALGD0100 Format
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | CHAR(8) | Algorithm context token |
8 | 8 | CHAR(1) | Final operation flag |
ALGD0200 Format
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | BINARY(4) | Block cipher algorithm |
4 | 4 | BINARY(4) | Block length |
8 | 8 | CHAR(1) | Mode |
9 | 9 | CHAR(1) | Pad option |
10 | A | CHAR(1) | Pad character |
11 | B | CHAR(1) | Reserved |
12 | C | BINARY(4) | MAC length |
16 | 10 | BINARY(4) | Effective key size |
20 | 14 | CHAR(32) | Initialization vector or counter |
ALGD0300 Format
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | BINARY(4) | Stream cipher algorithm |
ALGD0400 Format
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | BINARY(4) | Public key cipher algorithm |
4 | 4 | CHAR(1) | PKA block format |
5 | 5 | CHAR(3) | Reserved |
8 | 8 | BINARY(4) | Signing hash algorithm |
Algorithm Description Formats Field Descriptions
- Algorithm context token
- A token for an algorithm context. The algorithm context is created by using
the Create Algorithm Context (OPM, QC3CRTAX; ILE,
Qc3CreateAlgorithmContext) API.
- Block cipher algorithm
- The encryption algorithm. Following are the valid block cipher algorithms.
20 DES 21 Triple DES 22 AES 23 RC2
- Block length
- The algorithm block length. For DES, Triple DES, and RC2 the block length
field must specify 8. The valid block length values for AES are 16, 24, and
32.
- Effective key size
- For RC2, the number of key bits to use in the cipher operation. Valid
values are from 1 to 1024. If RC2 is not specified for the block cipher
algorithm, this field must be set to 0.
- Final operation flag
- The final processing indicator.
0 Continue.
The system will not perform final processing and the algorithm context will maintain the state of the operation. The algorithm context can be used on future calls to this API to continue the encryption operation.1 Final.
The system will perform final processing (e.g. padding) and the algorithm context will reset to its initial state. The algorithm context can then be used to begin a new cryptographic operation (encrypt, decrypt, etc.). When performing a final operation, the pointer to the clear data parameter may be set to NULL and the length of clear data parameter set to 0. This option must be specified if performing RSA encryption.
- Initialization vector or counter
- An initialization vector (IV) is used for modes CBC, OFB, CFB, and CUSP.
A counter is used for CTR mode. Refer to the mode standards for an
explanation of how each mode uses the IV or counter.
This field is not used for ECB mode, and must be set to NULL (binary 0s).
For DES, Triple DES, and RC2, the first 8 bytes are used as the IV/counter. For AES, the length is that specified by block length.
The IV/Counter need not be secret, but it should be unique for each message. For CBC, CFB, and CUSP modes, the IV must be significantly unique. If not unique, it may compromise security.
The IV can be any value. To obtain a good random IV or counter value, use the Generate Pseudorandom Numbers (OPM, QC3GENPRN; ILE, Qc3GenPRNs)API.
- MAC length
- This field is not used on an encrypt operation and must be set to null
(binary 0s).
- Mode
- The mode of operation. Information on modes can be found in FIPS PUB 81,
NIST Special Publication 800-38A, and ANSI X9.52. Following are the valid modes.
0 ECB. 1 CBC. 2 OFB. Not valid with AES or RC2. 3 CFB 1-bit. Not valid with AES or RC2. 4 CFB 8-bit. Not valid with AES or RC2. 5 CFB 64-bit. Not valid with AES or RC2. 6 CUSP. CUSP is a special type of CBC mode documented in the z/OS® ICSF Application Programmer's Guide (SA22-7522). It is used for handling data not a multiple of the block length. The length of encrypted data in CUSP mode will always equal the length of clear text data. 7 CTR. Only valid with AES.
- Pad character
- The pad character for pad option 1. Using hex 00 as the pad character is
equivalent to ANSI X9.23 padding.
- Pad option
- If requested, padding is performed at the end of the encrypt operation. Be
sure the encrypted data parameter is large enough to include any padding. The
data will be padded up to the next block length byte multiple. For example,
when using DES and total data to encrypt is 20, the text is padded to 24. The
last byte is filled with a 1-byte binary counter containing the number of pad
characters used. The preceeding pad characters are filled as specified by this
field. Padding is not performed for modes CFB 1-bit, CFB 8-bit, and CUSP. In these
cases, the pad option must be set to 0. Following are the valid pad options.
0 No padding is performed. 1 Use the character specified in the pad character field for padding. 2 The pad counter is used as the pad character. This is equivalent to PKCS #5 padding.
- PKA block format
- The public key algorithm block format. Following are the valid values.
0 PKCS #1 block type 00 1 PKCS #1 block type 01 2 PKCS #1 block type 02
This format is recommended when encrypting non-hash items (such as keys). The other formats are normally used in sign and verify functions.4 Zero pad
The clear data is placed in the low-order bit positions of a string of the same bit-length as the key modulus. All leading bits are set to zero.6 OAEP
- Public key cipher algorithm
- The encryption algorithm. Following are the valid public key cipher
algorithms.
50 RSA
- Reserved
- Must be null (binary 0s).
- Signing hash algorithm
- This field is not used on an encrypt operation and must be set to null
(binary 0s).
- Stream cipher algorithm
- The encryption algorithm. Following are the valid stream cipher algorithms.
30 RC4-compatible
Key Description Formats
For detailed descriptions of the table fields, see Key Description Formats Field Descriptions.KEYD0100 Format
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | CHAR(8) | Key context token |
KEYD0200 Format
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | BINARY(4) | Key type |
4 | 4 | BINARY(4) | Key string length |
8 | 8 | CHAR(1) | Key format |
9 | 9 | CHAR(3) | Reserved |
12 | C | CHAR(*) | Key string |
KEYD0400 Format
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | CHAR(20) | Qualified keystore file name |
20 | 14 | CHAR(32) | Record label |
52 | 34 | CHAR(4) | Reserved |
KEYD0500 Format
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | BINARY(4) | Key type |
4 | 4 | BINARY(4) | Derived key length |
8 | 8 | BINARY(4) | Iteration count |
12 | C | BINARY(4) | Salt length |
16 | 10 | CHAR(16) | Salt |
32 | 20 | BINARY(4) | Passphrase CCSID |
36 | 24 | BINARY(4) | Passphrase length |
40 | 28 | CHAR(*) | Passphrase |
KEYD0600 Format
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | BINARY(4) | PEM certificate length |
4 | 4 | CHAR(4) | Reserved |
8 | 8 | CHAR(*) | PEM certificate |
KEYD0700 Format
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | BINARY(4) | Certificate label length |
4 | 4 | CHAR(4) | Reserved |
8 | 8 | CHAR(*) | Certificate label |
KEYD0800 Format
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | BINARY(4) | Distinguished name length |
4 | 4 | CHAR(4) | Reserved |
8 | 8 | CHAR(*) | Distinguished name |
KEYD0900 Format
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | BINARY(4) | Application identifier length |
4 | 4 | CHAR(4) | Reserved |
8 | 8 | CHAR(*) | Application identifier |
Key Description Formats Field Descriptions
- Application identifer
- The application ID assigned to a certificate with a private key in system
certificate keystore (*SYSTEM).
- Application identifier length
- The length of the application ID. The length can not be greater than 32.
- Certificate label
- The label of the certificate in system certificate keystore (*SYSTEM). The
certificate's public key will be used in the encryption operation.
- Certificate label length
- The length of the certificate label.
- Derived key length
- The length of key requested. The minimum allowed length is 1.
- Distinguished name
- The distinguished name of the certificate in system certificate keystore
(*SYSTEM). The certificate's public key will be used in the encryption
operation.
- Distinguished name length
- The length of the distinguished name.
- File name
- The name of a keystore file. Keystore files are created by using the
Create Keystore (OPM, QC3CRTKS;
ILE, Qc3CreateKeyStore) API.
- Iteration count
- Used to greatly increase the cost of an exhaustive search while modestly increasing the cost of key derivation. The minimum allowed value is 1. The standard recommends a minimum of 1000. The maximum allowed length is 100,000.
- Key context token
- A token for a key context. The key context is created by using the Create Key Context (OPM, QC3CRTKX; ILE, Qc3CreateKeyContext) API.
- Key format
- The format of the key string field. Following are the valid values.
0 Binary string.
The key is specified as a binary value. To obtain a good random key value, use the Generate Symmetric Key (OPM, QC3GENSK; ILE, Qc3GenSymmetricKey) API or the Generate Pseudorandom Numbers (OPM, QC3GENRN; ILE, Qc3GenPRNs) API.1 BER string
If the key type field specifies 50 (RSA public), the key must be specified in BER encoded X.509 Certificate or SubjectPublicKeyInfo format. For specifications of this format, refer to RFC 3280. If the key type field specifies 51 (RSA private), the key must be specified in BER encoded PKCS #8 format. For specifications of this format, refer to RSA Security Inc. Public-Key Cryptography Standards. To generate a PKA key pair, use the Generate PKA Key Pair (OPM, QC3GENPK; ILE, Qc3GenPKAKeyPair) API.
- Key string
- The key to use in the encrypt operation.
- Key string length
- Length of the key string specified in the key string field.
- Key type
- The type of key. Following are the valid values.
20 DES
The key string length or derived key string length must be 8 bytes. For key description KEYD0200, the key format must be 0. Only 7 bits of each byte are used as the actual key. The rightmost bit of each byte is used to set parity. Some cryptographic service providers require that a DES key have odd parity in every byte. Others ignore parity.21 Triple DES
The key string length or the derived key length can be 8, 16, or 24. For key description KEYD0200, the key format must be 0. Triple DES operates on an encryption block by doing a DES encrypt, followed by a DES decrypt, and then another DES encrypt. Therefore, it actually uses three 8-byte DES keys. If 24 bytes are supplied in the key string, the first 8 bytes are used for key 1, the second 8 bytes for key 2, and the third 8 bytes for key 3. If 16 bytes are supplied, the first 8 bytes are used for key 1 and key 3, and the second 8 bytes for key 2. If only 8 bytes are supplied, it will be used for all 3 keys (essentially making the operation equivalent to a single DES operation). Only 7 bits of each byte are used as the actual key. The rightmost bit of each byte is used to set parity. Some cryptographic service providers require that a Triple DES key have odd parity in every byte. Others ignore parity.22 AES
The key string length or derived key length can be 16, 24, or 32. For key description KEYD0200, the key format must be 0.23 RC2
The key string length or derived key length can be from 1 to 128. For key description KEYD0200, the key format must be 0.30 RC4-compatible
The key string length or derived key length can be from 1 to 256. For key description KEYD0200, the key format must be 0. Because of the nature of the RC4-compatible algorithm, using the same key for more than one message will severely compromise security.50 RSA public
Valid only for key description KEYD0200. The key format must be 1. Encryption with a public key and decryption with a private key is used for data privacy.51 RSA private
Valid only for key description KEYD0200. The key format must be 1. Encryption with a private key and decryption with a public key is used for data authentication (e.g. signing).
- Passphrase
- A text string.
- Passphrase CCSID
- INPUT; BINARY(4)
The CCSID of the passphrase. The passphrase will be converted from the specified CCSID to Unicode before calling the PKCS5 algorithm.
0 The CCSID of the job is used to determine the CCSID of the data to be converted. If the job CCSID is 65535, the CCSID from the default CCSID (DFTCCSID) job attribute is used. 1-65533 A valid CCSID in this range is used. For a list of valid CCSIDs, see the i5/OS globalization topic collection.
- Passphrase length
- The length of passphrase. The length must be in the range of 1 to 256.
- PEM certificate
- An ASCII encoded PEM formated certificate.
- PEM certificate length
- The length of the PEM certificate.
- Qualified keystore file name
- The keystore file where the key is stored. Keystore files are created
by using the Create Keystore (OPM, QC3CRTKS;
ILE, Qc3CreateKeyStore) API. The first 10 characters contain the file name.
The second 10 characters contain the name of the library
where the keystore file is located. You can use the following special values
for the library name.
*CURLIB The job's current library is used to locate the keystore file. If no library is specified as the current library for the job, the QGPL library is used. *LIBL The job's library list is searched for the first occurence of the specified file name.
- Record label
- The label of a key record in a keystore file.
The label will be converted from the job CCSID, or if 65535, the job default
CCSID (DFTCCSID) job attribute to CCSID 1200 (Unicode UTF-16).
Key records are created
by using the Write Key Record (OPM, QC3WRTKR;
ILE, Qc3WriteKeyRecord) API or the Generate Key
Record (OPM, QC3GENKR; ILE, Qc3GenKeyRecord) API.
- Reserved
- Must be null (binary 0s).
- Salt
- Used to help thwart attacks by producing a large set
of keys for each passphrase. The standard recommends the salt be
generated at random and be at least 8 bytes long. You can use the
Generate Pseudorandom Numbers (OPM, QC3GENPRN;
ILE, Qc3GenPRNs) API to obtain a random value. Additionally,
data that distinguishes between various operations can be added to the salt
for additional security. Refer to the standard for more information.
- Salt length
- The length of salt. The length must be in the range of 1 to 16.
Error Messages
Message ID | Error Message Text |
---|---|
CPF24B4 E | Severe error while addressing parameter list. |
CPF3C1E E | Required parameter &1 omitted. |
CPF3CF1 E | Error code parameter not valid. |
CPF3CF2 E | Error(s) occurred during running of &1 API. |
CPF9872 E | Program or service program &1 in library &2 ended. Reason code &3. |
CPF9D94 E | A pending value exists for a master key. |
CPF9D99 E | Error openning certificate store. |
CPF9D9A E | Key is protected by a cryptographic coprocessor. |
CPF9D9B E | Internal error occured retrieving key from system certificate store. |
CPF9D9C E | Function is disallowed with specified key context. |
CPF9D9F E | Not authorized to keystore file. |
CPF9DA0 E | Error occured opening keystore file. |
CPF9DA1 E | Key record not found. |
CPF9DA2 E | Option 34 is not installed. |
CPF9DA3 E | Not authorized to use APPIDs. |
CPF9DA4 E | APPID is not valid. |
CPF9DA5 E | Keystore file not found. |
CPF9DA6 E | The keystore file is not available. |
CPF9DA7 E | File is corrupt or not a valid keystore file. |
CPF9DA8 D | The application identifier length is not valid. |
CPF9DA9 D | The format of the PEM certificate is not valid. |
CPF9DAA D | A key requires translation. |
CPF9DAB E | A key can not be decrypted. |
CPF9DB1 E | The CCSID is not valid. |
CPF9DB3 E | Qualified keystore file name not valid. |
CPF9DB6 E | Record label not valid. |
CPF9DB8 E | Error occured retrieving key record from keystore. |
CPF9DBA E | Derived key length not valid. |
CPF9DBB E | Iteration count not valid. |
CPF9DBC E | Salt length not valid. |
CPF9DBD E | Passphrase length not valid. |
CPF9DBE E | PEM certificate length not valid. |
CPF9DBF E | Certificate label length not valid. |
CPF9DC0 E | Distinghished name length not valid. |
CPF9DC2 E | Key-encrypting algorithm context not compatible with key-encrypting key context. |
CPF9DC3 E | Unable to decrypt data or key. |
CPF9DC6 E | Algorithm not valid for encrypting or decrypting a key. |
CPF9DC8 E | The input data parameter specifies a NULL pointer. |
CPF9DC9 E | The total length of data in the input data array is not valid. |
CPF9DCE E | A data length is not valid. |
CPF9DCF E | A data pointer is not valid. |
CPF9DD0 E | Clear data format name not valid. |
CPF9DD2 E | Algorithm description format name not valid. |
CPF9DD3 E | Key description format name not valid. |
CPF9DD4 E | Length of clear data not valid. |
CPF9DD6 E | Length of area provided for output data is too small. |
CPF9DD7 E | The key-encrypting key context for the specified key is not valid or was previously destroyed. |
CPF9DD8 E | The key-encrypting algorithm context for the specified key is not valid or was previously destroyed. |
CPF9DD9 E | Effective key size not valid. |
CPF9DDA E | Unexpected return code &1. |
CPF9DDB E | The key string or Diffie-Hellman parameter string is not valid. |
CPF9DDD E | The key string length is not valid. |
CPF9DDE E | Cipher algorithm not valid. |
CPF9DDF E | Block length not valid. |
CPF9DE0 E | Hash algorithm not valid. |
CPF9DE1 E | Initialization vector not valid. |
CPF9DE2 E | MAC (message authentication code) length not valid. |
CPF9DE3 E | Mode not valid. |
CPF9DE4 E | Pad option not valid. |
CPF9DE5 E | PKA (public key algorithm) block format not valid. |
CPF9DE6 E | Public key algorithm not valid. |
CPF9DE7 E | Key type not valid. |
CPF9DE9 E | Key format not valid. |
CPF9DEC E | Cryptographic service provider not valid. |
CPF9DED E | Final operation flag not valid. |
CPF9DEE E | Reserved field not null. |
CPF9DF0 E | Operation, algorithm, or mode not available on the requested CSP (cryptographic service provider). |
CPF9DF1 E | The algorithm context token does not reference a valid algorithm context. |
CPF9DF2 E | The algorithm context is not found or was previously destroyed. |
CPF9DF3 E | Algorithm in algorithm context not valid for requested operation. |
CPF9DF4 E | The key context token does not reference a valid key context. |
CPF9DF5 E | The key context is not found or was previously destroyed. |
CPF9DF7 E | Algorithm context not compatible with key context. |
CPF9DF8 E | Cryptographic device name not valid. |
CPF9DF9 E | Cryptographic device not found. |
CPF9DFA E | Multiple-block encryption not valid with the requested mode. |
CPF9DFB E | Cryptographic service provider (CSP) conflicts with the key context CSP. |
CPF9DFD E | Not authorized to device. |
CPF9DFE E | Cryptographic device not available. |
API introduced: V5R3
[ Back to top | Cryptographic Services APIs | APIs by category ]