z/OS 2.4.0

Size considerations for public and private keys

Last Updated: 2021-05-27

RACF® has restrictions for the size of the private key for certificates that have associated private keys.

For NISTECC keys, valid key sizes are 192, 224, 256, 384, and 521 bits. For BPECC keys, valid key sizes are 160, 192, 224, 256, 320, 384, and 512 bits.

For DSA keys, the minimum key size is 512 bits. For RSA keys, the minimum size for clear RSA keys and secure RSA keys on the public key data set (PKDS) is 512 bits. The minimum size for secure RSA keys on the token key data set (TKDS) is 1024 bits, and the size must be a multiple of 256. The maximum key size is determined by United States export regulations and is controlled by RACF and non-RACF code in z/OS. Depending on the installation, non-RACF code might enforce a lower maximum size.

Maximum key sizes: The maximum key size for a private key depends on key type, as follows:

Private key type                                              Maximum key size
RSA key that is stored in the RACF database                   4096 bits
RSA key that is stored in the ICSF TKDS as a secure key       4096 bits
RSA key that is stored in the ICSF PKDS as a CRT key token    4096 bits
DSA key                                                       2048 bits
RSA key that is stored in the ICSF PKDS as an ME key token    1024 bits
NISTECC key                                                   521 bits
BPECC key                                                     512 bits


Currently, the standard sizes for RSA keys are as follows:

Key size     Key strength
512 bits     Low-strength key
1024 bits    Medium-strength key
2048 bits    High-strength key
4096 bits    Very high-strength key

Key strength considerations: Shorter keys of the ECC type, which are generated when you specify NISTECC or BPECC, achieve comparable key strengths when compared with longer RSA keys.

RSA, NISTECC, and BPECC keys of the following sizes are comparable in strength:

RSA key size    NISTECC key size    BPECC key size
1024 bits       192 bits            160 or 192 bits
2048 bits       224 bits            224 bits
3072 bits       256 bits            256 or 320 bits
7680 bits       384 bits            384 bits
15360 bits      521 bits            512 bits

Hashing algorithm used for signing: RACF signs certificates using a set of secure hash algorithms that are based on the SHA-1 or SHA-2 hash functions. When the signing key is a DSA type, the SHA-1 algorithm is used for keys of all sizes. When the signing key is an RSA, NISTECC, or BPECC type, the size of the signing key determines the hashing algorithm that is used for signing, as follows:

Hashing algorithm    RSA signing key size    NISTECC signing key size    BPECC signing key size
used for signing
SHA-1                Less than 2048 bits     —                           —
SHA-256              2048 bits or longer     192, 224, or 256 bits       160, 192, 224, 256, or 320 bits
SHA-384              —                       384 bits                    384 bits
SHA-512              —                       521 bits                    512 bits
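The following Python script is an added example and is not part of the IBM documentation or of RACF itself. It encodes the rules stated on this page (the valid NISTECC and BPECC sizes, the DSA and RSA minimums, the multiple-of-256 rule for secure RSA keys in the TKDS, the maximum size per key type and storage location, the RSA strength categories, the ECC/RSA comparable-strength table, and the signing hash RACF selects) into a single pre-generation check that an administrator can run against a proposed key. The storage-location labels (racf-db, tkds-secure, pkds-crt, pkds-me) and the function names are this example's own; all numbers come from the page.

```python
"""Audit a proposed RACF certificate key against the size rules on this page.

Added example, not IBM code. The storage-location labels used below are this
example's own names, not RACF or ICSF keywords. For DSA, NISTECC and BPECC
keys the page gives no storage location, so "racf-db" is assumed for them.
"""

NISTECC_SIZES = {192, 224, 256, 384, 521}
BPECC_SIZES = {160, 192, 224, 256, 320, 384, 512}

# Maximum private key size (bits) by (key type, storage location).
MAX_SIZE = {
    ("RSA", "racf-db"): 4096,       # RSA key stored in the RACF database
    ("RSA", "tkds-secure"): 4096,   # RSA key stored in the ICSF TKDS as a secure key
    ("RSA", "pkds-crt"): 4096,      # RSA key stored in the ICSF PKDS as a CRT key token
    ("RSA", "pkds-me"): 1024,       # RSA key stored in the ICSF PKDS as an ME key token
    ("DSA", "racf-db"): 2048,
    ("NISTECC", "racf-db"): 521,
    ("BPECC", "racf-db"): 512,
}

RSA_STRENGTH = {512: "Low", 1024: "Medium", 2048: "High", 4096: "Very high"}

# Comparable-strength rows from the page: RSA size -> (NISTECC size, BPECC sizes).
COMPARABLE = {
    1024: (192, (160, 192)),
    2048: (224, (224,)),
    3072: (256, (256, 320)),
    7680: (384, (384,)),
    15360: (521, (512,)),
}


def validate_key(key_type, size, location="racf-db"):
    """Return the list of rule violations; an empty list means the key is allowed."""
    key = (key_type, location)
    if key not in MAX_SIZE:
        return [f"{key_type} keys are not defined for location {location!r}"]
    problems = []
    if key_type == "NISTECC" and size not in NISTECC_SIZES:
        problems.append(f"NISTECC size must be one of {sorted(NISTECC_SIZES)}")
    elif key_type == "BPECC" and size not in BPECC_SIZES:
        problems.append(f"BPECC size must be one of {sorted(BPECC_SIZES)}")
    elif key_type == "DSA" and size < 512:
        problems.append("DSA keys must be at least 512 bits")
    elif key_type == "RSA":
        # Secure RSA keys in the TKDS have a higher minimum and a multiple-of-256 rule.
        minimum = 1024 if location == "tkds-secure" else 512
        if size < minimum:
            problems.append(f"RSA keys in {location} must be at least {minimum} bits")
        if location == "tkds-secure" and size % 256:
            problems.append("secure RSA keys in the TKDS must be a multiple of 256 bits")
    if size > MAX_SIZE[key]:
        problems.append(f"{key_type} keys in {location} may not exceed {MAX_SIZE[key]} bits")
    return problems


def signing_hash(key_type, size):
    """Hash algorithm RACF uses when this key signs a certificate (per the page's table)."""
    if key_type == "DSA":
        return "SHA-1"
    if key_type == "RSA":
        return "SHA-256" if size >= 2048 else "SHA-1"
    if key_type == "NISTECC" and size in NISTECC_SIZES:
        return {384: "SHA-384", 521: "SHA-512"}.get(size, "SHA-256")
    if key_type == "BPECC" and size in BPECC_SIZES:
        return {384: "SHA-384", 512: "SHA-512"}.get(size, "SHA-256")
    raise ValueError(f"no signing hash defined for {key_type} {size}")


def comparable_rsa_size(key_type, size):
    """RSA size the page lists as comparable to this ECC key, or None if not listed."""
    for rsa_size, (nist, bp) in COMPARABLE.items():
        if (key_type == "NISTECC" and size == nist) or (key_type == "BPECC" and size in bp):
            return rsa_size
    return None


def review(key_type, size, location="racf-db"):
    """Combine the checks into one audit verdict for a proposed key."""
    problems = validate_key(key_type, size, location)
    if problems:
        return {"allowed": False, "problems": problems}
    findings = []
    h = signing_hash(key_type, size)
    if h == "SHA-1":
        findings.append("certificates signed with this key use SHA-1")
    if key_type == "RSA" and size < 2048:
        findings.append(f"RSA key strength: {RSA_STRENGTH.get(size, 'less than High')}")
    return {"allowed": True, "signing_hash": h,
            "comparable_rsa_bits": comparable_rsa_size(key_type, size),
            "findings": findings}


if __name__ == "__main__":
    # Constructed sample requests: one compliant, the rest showing each rule firing.
    for spec in [("RSA", 2048), ("RSA", 1024), ("RSA", 1500, "tkds-secure"),
                 ("RSA", 2048, "pkds-me"), ("NISTECC", 256), ("BPECC", 200)]:
        print(spec, review(*spec))
```

The review() verdict separates hard failures (RACF will reject the size outright) from findings that are merely worth a second look, such as a key that will produce SHA-1 signatures or that the page classes as low or medium strength; both lists come straight from the tables above.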
