Is Digital Certificate encryption SHA512 supported by CA Top Secret?

Document ID : KB000015650
Last Modified Date : 14/02/2018
Introduction:

SHA-512 encryption support for CA Top Secret.

Question:

Is the SHA-512 encryption cipher supported by CA Top Secret?

 

Answer:

SHA-512 is a hash algorithm used in certificate signatures rather than an encryption cipher. CA Top Secret supports the SHA512 signing algorithm only on certificates that are generated with NISTECC or BPECC keys.

Below is a link to the doc:

https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/using/issuing-commands-to-communicate-administrative-requirements/keywords/signalg-keywordspecify-the-certificate-signing-algorithm

Using GSKKYMAN, we were able to generate a certificate with SHA512 and a NISTECC private key, and add the certificate to TSS.

Below is an example TSS LIST output showing the SHA512 certificate:

DIGICERT = TRUMP ACCESSORID = LUGBR05
ADMIN BY= BY(LUGBR01 ) SMFID(XE58) ON(08/24/2017) AT(14:30:44)
LABEL = TRUMP
STATUS = TRUST
SERIAL# = 599F1647000775F9
ISSUER DISTINGUISHED NAME:
.CN=NIXON.OU=gov.O=gov.L=EWING.ST=NJ.C=US
SUBJECT DISTINGUISHED NAME:
CN=NIXON.OU=gov.O=gov.L=EWING.ST=NJ.C=US
KEYUSAGE:
HANDSHAKE DOCSIGN CERTSIGN KEYAGREE
PRIVATE KEY SIZE = 521
PRIVATE KEY TYPE = NIST ECC secp521r1
ALGORITHM = ecdsa with SHA-512
NOT BEFORE = 2017/08/24 18:09:11 UTC
NOT AFTER = 2018/08/24 18:09:11 UTC
TSS0300I LIST FUNCTION SUCCESSFUL
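
An added example (not from the original article or the CA documentation): a Python check that parses one certificate entry in the LIST format shown above and flags a SHA-512 signature on a key type other than NISTECC or BPECC, or a NOT AFTER date that has passed. The "BP ECC" and "RSA" key-type strings are assumptions; only "NIST ECC" appears in the listing above.

```python
from datetime import datetime, timezone

# Constructed sample: the listing from this article, trimmed to the fields used.
SAMPLE = """\
DIGICERT = TRUMP ACCESSORID = LUGBR05
LABEL = TRUMP
STATUS = TRUST
PRIVATE KEY SIZE = 521
PRIVATE KEY TYPE = NIST ECC secp521r1
ALGORITHM = ecdsa with SHA-512
NOT BEFORE = 2017/08/24 18:09:11 UTC
NOT AFTER = 2018/08/24 18:09:11 UTC
"""

FIELDS = ("LABEL", "STATUS", "PRIVATE KEY SIZE", "PRIVATE KEY TYPE",
          "ALGORITHM", "NOT BEFORE", "NOT AFTER")
# Assumption: Brainpool keys are listed with a "BP ECC" prefix.
ECC_KEY_TYPES = ("NIST ECC", "BP ECC")


def parse_listing(text):
    """Return {field: value} for the 'NAME = value' lines of one certificate."""
    cert = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip() in FIELDS:
            cert[name.strip()] = value.strip()
    return cert


def audit(cert, now):
    """Return a list of findings; an empty list means the entry passed."""
    findings = []
    key_type = cert.get("PRIVATE KEY TYPE", "")
    uses_sha512 = "SHA-512" in cert.get("ALGORITHM", "").upper()
    if uses_sha512 and not key_type.upper().startswith(ECC_KEY_TYPES):
        findings.append("SHA-512 signature on non-ECC key: " + key_type)
    not_after = datetime.strptime(cert["NOT AFTER"], "%Y/%m/%d %H:%M:%S UTC")
    if not_after.replace(tzinfo=timezone.utc) < now:
        findings.append("expired: " + cert["NOT AFTER"])
    return findings


if __name__ == "__main__":
    entry = parse_listing(SAMPLE)
    for finding in audit(entry, datetime.now(timezone.utc)):
        print(entry.get("LABEL"), "-", finding)
```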