IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
Chapter 5. DES Key-Management
This chapter describes verbs to perform basic CCA DES key-management
functions. Figure 5-1 lists the verbs covered in this chapter. Introductory material
is presented under these topics:
Understanding CCA DES Key-Management
Control vectors, key types, and key-usage restrictions
Key tokens, key labels, and key identifiers
Using the key-processing and key-storage verbs
Security precautions.
Figure 5-1 (Page 1 of 2). Basic CCA DES Key-Management Verbs
Verb Page Service Entry
Point
Svc
Lcn
Clear_Key_Import 5-22 Enciphers a clear key under the symmetric master-key,
and updates or creates an internal key-token for a DATA
key. (Also see Multiple_Clear_Key_Import.)
CSNBCKI E
Control_Vector_Generate 5-24 Builds a control vector from keywords. CSNBCVG S
Control_Vector_Translate 5-26 Changes the control vector associated with a key in an
external key-token.
CSNBCVT E
Cryptographic_Variable_Encipher 5-29 Encrypts modest quantities of data using a unique
key-class, CVARENC. The service is used to prepare the
mask-array variable for the Control_Vector_Translate verb.
CSNBCVE E
Data_Key_Export 5-31 Exports a DES data-key and creates an external key-token
that contains a null control vector.
CSNBDKX E
Data_Key_Import 5-33 Imports a DES data-key and creates an internal key-token
for the key.
CSNBDKM E
Diversified_Key_Generate 5-35 Generates a DES key based on supplied information and a
key-generating key. The verb often finds use in generating
keys for use with smart-cards.
CSNBDKG E
Key_Export 5-42 Exports a DES key and creates an external key-token. CSNBKEX E
Key_Generate 5-44 Generates a random DES key or DES key pair, enciphers
the keys, and updates or creates internal or external
key-tokens.
CSNBKGN E
Key_Import 5-51 Imports a DES key or a key-token, and updates an internal
key-token or creates an internal key-token.
CSNBKIM E
Key_Part_Import 5-54 Combines clear key parts, enciphers the key, and updates
an internal key-token.
CSNBKPI E
Key_Test 5-58 Generates or verifies a verification pattern for keys and key
parts.
CSNBKYT E
Key_Token_Build 5-61 Creates a DES key-token from supplied information. CSNBKTB S
Key_Token_Change 5-64 Reenciphers a DES key from the old symmetric
master-key to the current symmetric master-key.
CSNBKTC E
Key_Token_Parse 5-66 Parses a DES key-token and provides the contents as
individual variables.
CSNBKTP S
Key_Translate 5-69 Changes the encipherment of a key from one
key-encrypting key to another key-encrypting key.
CSNBKTR E
Multiple_Clear_Key_Import 5-71 Imports DES keys to form a double-length DES data-key.
(Also see Clear_Key_Import.)
CSNBCKM E
Service location (Svc Lcn): E=Cryptographic Engine, S=Security API software
Copyright IBM Corp. 1997, 2005
5-1