'Re: Digital Certificates - Root CA'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: Digital Certificates - Root CA
From:       Wai Choi <wchoi () US ! IBM ! COM>
Date:       2008-09-25 14:28:53
Message-ID: OFFB17B5C0.89F3377F-ON852574CF.004C12AE-852574CF.004F8B3E () us ! ibm ! com
[Download RAW message or body]

Steve,

Are you talking about RACF or gskkyman in System SSL? A cert with 4096
bits key can be loaded by gskkyman since V1R6 and it can be loaded in RACF
starting V1R10.

Regards,
Wai


Wai Choi - RACF/PKI Development




"Chan, Steven" <steven.chan@EDS.COM>
Sent by: RACF Discussion List <RACF-L@LISTSERV.UGA.EDU>
09/25/2008 03:30 AM
Please respond to
RACF Discussion List <RACF-L@LISTSERV.UGA.EDU>


To
RACF-L@LISTSERV.UGA.EDU
cc

Subject
Digital Certificates - Root CA






Hi there

I am aware I cannot load a root CA with RSA 4096 bits key length as the
max length is currently 2048 bits.

We are running zOSV1R9 and am aware it will be support in V1R10.

However, when we run the SSL started task now, it displays

F GSKSRVR,D CRYPTO
GSK01009I Cryptographic status 464
Algorithm       Hardware        Software
DES             56              56
3DES            168             168
AES             128             256
RC2             --              128
RC4             --              128
RSA Encrypt     2048            4096
RSA Sign        2048            4096
DSS             --              1024
SHA-1           160             160
SHA-256         256             256

  and shows support for 4096 for RSA algorithms.

I'm not an expert at this, but could someone explain what the difference
is here.

Thanks...Steve
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic