What is the command to EXPORT just the private key of a digital certificate?
Release : 16.0
Component : CA Top Secret for z/OS
The FORMAT keyword on the TSS EXPORT command determines if the public key and/or the private key is included.
To EXPORT the public and private key, one of the PKCS12xxx formats must be used. Only use the PKCSPASS keyword on the EXPORT command one of the PKCS12xxx formats is being used.
Example:
TSS EXPORT(CERTSITE) DIGICERT(CERTA) FORMAT(PKCS12DER) PKCSPASS(password) DCDSN(somedataset)
If just the public key needs to be exproted, use CERTDER or BASE64 formats. PKCSPASS is not needed if not using the PKCS12xxx format.
Example:
TSS EXPORT(CERTAUTH) DIGICERT(ROOTCERT) FORMAT(CERTDER) DCDSN(datasetname)
If a TSS CHKCERT DCDSN(datasetname) is done on the dataset that contains the certificate a private key size is not displayed. If there is a private key size, then the private key is present. The TSS CHKCERT display is similar to the TSS LIST of a certificate.