Hi
I have been working on Encryption/Decryption of data on AS400 v5R4. I have already done the Encryption of data using QC3ENCDT API on COBOL. Now, I want to use the RSA Public key to encrypt my encryption key. For that I had written a test program but it is throwing one error and I am unable to find the cause of the error:
The error code is CPF9DDB.
Description is
The key string or Diffie-Hellman parameter string is not valid
Cause is
Either there is an error in the BER encoding or the BER encoded string describes an object not valid for this operation.
Here is my code in cobol:
01 WS-PUBLIC-KEY PIC X(512).
01 WS-PRIVATE-KEY PIC X(512).
01 WS-CIPHER-DATA-1 PIC X(1024).
01 WS-KEYD.
05 WS-KEY-TYPE-2 PIC 9(8) USAGE BINARY VALUE 50.
05 WS-KEY-LENGTH PIC 9(8) USAGE BINARY VALUE 92.
05 WS-KEY-FORMAT-2 PIC X(1) VALUE '1'.
* 05 WS-RESERVED PIC X(3).
05 WS-KEY-STRING PIC X(512).
EXEC SQL END DECLARE SECTION END-EXEC.
01 KEY-TYPE-1 PIC 9(8) USAGE BINARY VALUE 50.
01 KEY-SIZE PIC 9(8) USAGE BINARY VALUE 512.
01 PKE PIC 9(8) USAGE BINARY VALUE 65537.
01 KEY-FORMAT-1 PIC X(1) VALUE '1'.
01 KEY-FORM PIC X(1) VALUE '0'.
01 KEK-CTXT-TOKN PIC X(8).
01 KEK-ALG-CTXT-TOKN PIC X(8).
01 CRYPTO-SP-1 PIC X(1) VALUE '1'.
01 CRPTO-DEVICE-1 PIC X(10) VALUE SPACES.
01 PVT-KEY-STRING PIC X(512).
01 LOA-PVT-KS PIC 9(8) USAGE BINARY VALUE 512.
01 LENGTH-PVT-KS PIC 9(8) USAGE BINARY.
01 PUB-KEY-STRING PIC X(512).
01 LOA-PUB-KS PIC 9(8) USAGE BINARY VALUE 512.
01 LENGTH-PUB-KS PIC 9(8) USAGE BINARY.
01 ERR1.
05 BYTES-PRVD PIC 9(8) USAGE BINARY VALUE 64.
05 BYTES-AVAIL PIC 9(8) USAGE BINARY.
05 EXC-ID PIC X(7).
05 RESERVED PIC X(1) VALUE B'0'.
05 EXC-DATA PIC X(20).
Variables for Encryption API
01 WS-CLEAR-DATA PIC X(64) VALUE 'MOHSIN'.
01 LENGTH-CD PIC 9(8) USAGE BINARY VALUE 64.
01 CD-FMT PIC X(8) VALUE 'DATA0100'.
01 ALGO.
05 PKC-ALGO PIC 9(8) USAGE BINARY VALUE 50.
05 PKA-BLOCK-FMT PIC X(1) VALUE '2'.
* 05 RESERVED PIC X(1) VALUE B'0'.
* 05 SCA PIC 9(8) USAGE BINARY.
01 ALGO-FMT-NAME PIC X(8) VALUE 'ALGD0400'.
01 KEYD.
05 KEY-TYPE-2 PIC 9(8) USAGE BINARY VALUE 50.
05 KEY-LENGTH PIC 9(8) USAGE BINARY VALUE 92.
05 KEY-FORMAT-2 PIC X(1) VALUE '1'.
* 05 RESERVED PIC X(3).
05 KEY-STRING PIC X(512).
01 KEYD-FMT-NAME PIC X(8) VALUE 'KEYD0200'.
01 CRYPTO-SP-2 PIC X(1) VALUE '1'.
01 CRPTO-DEVICE-2 PIC X(10) VALUE SPACES.
01 WS-CIPHER-DATA PIC X(1024).
01 LOA-CIPHER-DATA PIC 9(8) USAGE BINARY VALUE 1024.
01 LENGTH-CIPHER-DATA PIC 9(8) USAGE BINARY.
01 ERR2.
05 BYTES-PRVD PIC 9(8) USAGE BINARY VALUE 64.
05 BYTES-AVAIL PIC 9(8) USAGE BINARY.
05 EXC-ID PIC X(7).
* 05 RESERVED PIC X(1) VALUE B'0'.
05 EXC-DATA PIC X(20).
LINKAGE SECTION.
**************************************************************
PROCEDURE DIVISION.
**************************************************************
0000-MAIN.
PERFORM 1000-INIT-PARA
THRU 1000-EXIT.
PERFORM 2000-PROCESS-PARA
THRU 2000-EXIT.
PERFORM 9000-OVER-PARA
THRU 9000-EXIT.
0000-EXIT.
EXIT.
/
*************************************************************
* Housekeeping Routine
*************************************************************
1000-INIT-PARA.
MOVE SPACES TO CRPTO-DEVICE-1
CRPTO-DEVICE-2
WS-CLEAR-DATA.
INITIALIZE PVT-KEY-STRING
PUB-KEY-STRING.
* Set up error handling work area.
INITIALIZE WS04-ERROR-DETAIL-AREA.
SET NO-ERRORS TO TRUE.
MOVE 'BASSYS0018' TO WS04-HOLD-PROG-NAME.
MOVE 'POL' TO WS04-HOLD-KEY-TYPE.
STRING ' ' DELIMITED BY SIZE
';' DELIMITED BY SIZE
INTO WS04-HOLD-KEY-STRING
END-STRING.
1000-EXIT.
EXIT.
/
**************************************************************
* Processing Paragraph
**************************************************************
2000-PROCESS-PARA.
CALL 'QC3GENPK' USING KEY-TYPE-1
KEY-SIZE
PKE
KEY-FORMAT-1
KEY-FORM
KEK-CTXT-TOKN
KEK-ALG-CTXT-TOKN
CRYPTO-SP-1
CRPTO-DEVICE-1
PVT-KEY-STRING
LOA-PVT-KS
LENGTH-PVT-KS
PUB-KEY-STRING
LOA-PUB-KS
LENGTH-PUB-KS
ERR1.
MOVE PUB-KEY-STRING TO KEY-STRING.
CALL 'QC3ENCDT' USING WS-CLEAR-DATA
LENGTH-CD
CD-FMT
ALGO
ALGO-FMT-NAME
KEYD
KEYD-FMT-NAME
CRYPTO-SP-2
CRPTO-DEVICE-2
WS-CIPHER-DATA
LOA-CIPHER-DATA
LENGTH-CIPHER-DATA
ERR2.
2000-EXIT.
EXIT.
/
*******************************
Software/Hardware used:
AS400 i5OS
ASKED:
December 11, 2010 8:27 AM
UPDATED:
December 13, 2010 1:57 PM
The error was thrown in the Encryption API QC3ENCDT. Thanks
If the posted code is exactly what you have running, then you have commented out parts of the structures. For example:
For KEYD0200, that can’t be commented out. “Reserved” areas need to be filled with binary zeros. In the case of this area, 3 bytes of hexadecimal zeros will work.
There are other fields that you also have commented out that need to be included. It’s not clear if you are showing example code or actual code that throws the error. Fill in the rest of your structures and see what changes.
Tom
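Why a commented-out reserved field in KEYD0200 can surface as a BER error, shown as an added example that is not part of the original thread. It assumes a reader that takes the key string from the fixed offset 12 implied by the reply above (4-byte key type, 4-byte length, 1-byte format, 3 reserved bytes); the sample key bytes and all function names are constructed for illustration.

```python
import struct

KEY_TYPE = 50               # KEY-TYPE-2 value from the post
KEY_FORMAT = b"\xf1"        # '1' (BER) in EBCDIC, as KEY-FORMAT-2 holds it
KEY_STRING_OFFSET = 12      # 4 + 4 + 1 + 3 reserved bytes, per the reply

# Constructed sample, not a real key: the header bytes of a BER-encoded
# RSA public key (outer SEQUENCE of 0x5c bytes) followed by filler.
SAMPLE_KEY = bytes.fromhex("305c300d06092a864886f70d0101010500034b00") + b"\xaa" * 74


def build_keyd0200(key, include_reserved=True):
    """Lay out key type, key string length, key format, reserved, key string."""
    head = struct.pack(">ii", KEY_TYPE, len(key)) + KEY_FORMAT
    if include_reserved:
        head += b"\x00" * 3
    return head + key


def key_string_at_fixed_offset(keyd):
    """Return the bytes a reader using the fixed offset 12 would treat as the key."""
    (key_len,) = struct.unpack(">i", keyd[4:8])
    return keyd[KEY_STRING_OFFSET:KEY_STRING_OFFSET + key_len]


def looks_like_ber_sequence(buf):
    """True if buf starts with a SEQUENCE tag whose length fits inside buf."""
    if len(buf) < 2 or buf[0] != 0x30:
        return False
    if buf[1] < 0x80:                      # short-form length
        header, content = 2, buf[1]
    else:                                  # long-form length
        n = buf[1] & 0x7F
        if n == 0 or len(buf) < 2 + n:
            return False
        header, content = 2 + n, int.from_bytes(buf[2:2 + n], "big")
    return header + content <= len(buf)


def check(include_reserved):
    """Build the structure, then test what sits where the key string is expected."""
    keyd = build_keyd0200(SAMPLE_KEY, include_reserved)
    return looks_like_ber_sequence(key_string_at_fixed_offset(keyd))


if __name__ == "__main__":
    print("with reserved bytes:   ", check(True))
    print("reserved commented out:", check(False))
```

With the three reserved bytes omitted, the bytes at offset 12 begin three bytes into the key string, so the outer SEQUENCE tag is no longer the first byte seen.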
Hi Tom,
This is the actual code I am trying to run. Now, I have filled the previously commented fields with the binary zeroes or hex zeroes. Below are the changes I have made in the code. But the same problem persists. It’s the same, CPF9DDB in err2 parameter of QC3ENCDT API. What else do you suggest I should do? Thanks..
05 RESERVED PIC X(1) VALUE X'00'.
05 RESERVED PIC X(1) VALUE X'00'.
05 SCA PIC 9(8) USAGE BINARY VALUE ZEROES.
05 RESERVED PIC X(3) VALUE X'000000'.
05 RESERVED PIC X(1) VALUE X'00'.