Filter
Top Products
CCA Release 2.54
Figure 5-1 (Page 2 of 2). Basic CCA DES Key-Management Verbs
Verb Page Service Entry
Point
Svc
Lcn
PKA_Decrypt 5-73 Uses an RSA private-key to decrypt a symmetric key
formatted in an RSA DSI PKCS #1 block type 2 structure
and return the symmetric key in the clear.
CSNDPKD E
PKA_Encrypt 5-75 Uses an RSA public-key to encrypt a clear symmetric-key
in an RSA DSI PKCS #1 block type 2 structure and return
the encrypted key.
Using the ZERO-PAD option, you can encipher information
including a hash to validate digital signatures such as ISO
9796-2.
CSNDPKE E
PKA_Symmetric_Key_Export 5-78 Exports a symmetric key under an RSA public key. CSNDSYX E
PKA_Symmetric_Key_Generate 5-81 Generates a new DES key and returns one copy
multiply-enciphered under the symmetric master-key or a
DES key-encrypting key and another copy enciphered
under an RSA public key.
CSNDSYG E
PKA_Symmetric_Key_Import 5-86 Imports a symmetric key under an RSA private key. CSNDSYI E
Prohibit_Export 5-90 Modifies a key so it can no longer be exported. CSNBPEX E
Random_Number_Generate 5-91 Generates a random number. CSNBRNG E
Service location (Svc Lcn): E=Cryptographic Engine, S=Security API software
Understanding CCA DES Key-Management
The DES algorithm operates on 64 data-bits at a time (eight bytes of 8-bit-per-byte
data). The results produced by the algorithm are controlled by the value of a key
that you supply. Each byte of the key contains 7 bits of key information plus a
parity bit (the low-order bit in the byte). The parity bit is set so that there is an odd
number of one bits for each key byte. The parity bits do not participate in the DES
algorithm.
The DES algorithm is not secret. However, by using a secret key, the algorithm
can produce ciphertext that is impossible (for all practical purposes) to decrypt
without knowing the secret key. The requirement to keep a key secret, and to have
the key available at specific place(s) and time(s), produces a set of activities known
collectively as key management.
Because the secrecy and reliability of DES-based cryptography is strongly related
to the secrecy, control, and use of DES keys, the following aspects of key
management are important:
Securing a cryptographic facility or process. The hardware provides a secure,
tamper-resistant environment for performing cryptographic operations and for
storing cryptographic keys in the clear. The hardware provides cryptographic
functions as a set of commands that are selectively enabled under different
roles. To activate a profile and its role to enable different hardware capabilities,
users (programs or persons) must supply identification and a password for
verification. Using these capabilities, you can control the use of sensitive
key-management capabilities.
Separating key types to restrict the use of each key. A user or a process
should be restricted to performing only the processes that are required to
accomplish a specific task. Therefore, a key should be limited to a set of
5-2 IBM 4758 CCA Basic Services, Release 2.54, February 2005