
CCA Release 2.54 Data_Key_Export
Data_Key_Export (CSNBDKX)
OS/2 AIX Win NT/
IBM 4758-2/23 X X X X
The Data_Key_Export verb exports a single-length or double-length internal
DATA-key. The verb can export the key from an internal key-token in key storage
or application storage. This verb, which is authorized with a different control point
than used with the Key_Export verb, allows you to limit the export operations to
DATA keys as compared to the capabilities of the more general verb.
The verb overwrites the 64-byte target-key-token variable with an external DES
key-token that contains the source key now encrypted by the EXPORTER
key-encrypting-key. Only a DATA key can be exported. If the source key has a
control vector valued to the default DATA control vector, the target key will be
enciphered without any control vector (that is, an “all zero” control vector),
otherwise the source-key control vector will also be used with the target key.
A key with a default, double-length DATA control-vector is exported into a version
X'01' external key-token. Otherwise, keys are exported into version X'00' key
Starting with Release 2.41, unless you enable the Unrestrict Data Key Export
command (offset X'0277'), having replicated key-halves is not permitted to export
a key having unequal key-halves. Note that key parity bits are ignored.
return_code Output Integer
reason_code Output Integer
exit_data_length In/Output Integer
exit_data In/Output String exit_data_length bytes
source_key_identifier Input String 64 bytes
exporter_key_identifier Input String 64 bytes
target_key_token Output String 64 bytes
For the definitions of the return_code, reason_code, exit_data_length, and exit_data
parameters, see “Parameters Common to All Verbs” on page 1-11.
The source_key_identifier parameter is a pointer to a string variable containing
the internal key-token or the key label of the internal key-token to be exported.
Only a DATA key can be exported.
The exporter_key_identifier parameter is a pointer to a string variable
containing the (EXPORTER) transport key-token or the key label of the
(EXPORTER) transport key-token used to encipher the target key.
Chapter 5. DES Key-Management 5-31