IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
Asymmetric DES keys. An asymmetric DES key is a key in a key pair in which
the keys are used as opposites.

  ENCIPHER and DECIPHER. Used only to encrypt data versus only to
  decrypt data.
  MAC and MACVER. Used in generating (and verifying) a MAC versus only
  verifying a MAC.
  PINGEN and PINVER. Used in generating (and verifying) a personal
  identification number (PIN) versus only verifying a PIN.
  OPINENC and IPINENC. Used only to encrypt a PIN block versus only to
  decrypt a PIN block.

Likewise, these unusual key types are paired for other opposite purposes:

  CVARENC and CVARXCVL
  CVARENC and CVARXCVR.

The cryptographic facility also interprets key-encrypting keys with the following
key types as asymmetric keys that can be used to create one-way
key-distribution channels:

  EXPORTER or OKEYXLAT. A key with this key type can encipher a key at
  a node that “exports” a key.
  IMPORTER or IKEYXLAT. A key with this key type can decipher a key at
  a node that “imports” the key.

An EXPORTER key is paired with an IMPORTER or an IKEYXLAT key. An
IMPORTER key is paired with an EXPORTER or an OKEYXLAT key. These
key types permit the establishment of a unidirectional key-distribution channel,
which is important both to preserve the asymmetric capabilities possible with
CCA-architecture systems and to further secure a key-distribution system from
unintended key-distribution possibilities.

For information about generating key pairs, see “Generating Keys” on
page 5-16.

Depending on the key type, a key can be single or double in length. A
double-length key that has different values in its left and right halves greatly
increases the difficulty for an adversary to obtain the clear value of the enciphered
quantity. A double-length key that has the same values in its left and right halves
produces the same results as a single-length key and therefore has the strength of
a single-length key. See Figure 5-3 on page 5-7.
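
The equal-halves case described above can be checked wherever a clear key value is handled, for example in key-entry or test tooling. The following is an added example, not code from the IBM manual: the function names and sample key values are constructed for illustration, and it assumes the clear 8-byte or 16-byte key value is available. It compares the halves on their 56 key bits, because DES ignores the low-order (parity) bit of each key byte, so halves that differ only in parity are still the same key.

```python
import hmac

PARITY_MASK = 0xFE  # low-order bit of each DES key byte is parity, not key material


def strip_parity(half: bytes) -> bytes:
    """Clear the parity bit of every byte in an 8-byte DES key half."""
    if len(half) != 8:
        raise ValueError("a DES key half must be exactly 8 bytes")
    return bytes(b & PARITY_MASK for b in half)


def has_odd_parity(key: bytes) -> bool:
    """True when every byte carries an odd number of one bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def effective_strength(key: bytes) -> str:
    """Return 'single' or 'double' for a clear 8- or 16-byte DES key value."""
    if len(key) == 8:
        return "single"
    if len(key) != 16:
        raise ValueError("expected an 8-byte or 16-byte DES key")
    left, right = strip_parity(key[:8]), strip_parity(key[8:])
    # Constant-time comparison, since both operands are key material.
    return "single" if hmac.compare_digest(left, right) else "double"


# Constructed sample values for illustration, not real keys.
LEFT = bytes.fromhex("0123456789ABCDEF")
RIGHT = bytes.fromhex("FEDCBA9876543210")
LEFT_PARITY_FLIPPED = bytes(b ^ 0x01 for b in LEFT)  # same 56 key bits as LEFT

if __name__ == "__main__":
    samples = [
        ("single-length key", LEFT),
        ("double, distinct halves", LEFT + RIGHT),
        ("double, identical halves", LEFT + LEFT),
        ("double, halves differ only in parity", LEFT + LEFT_PARITY_FLIPPED),
    ]
    for label, key in samples:
        print(f"{label}: strength={effective_strength(key)}, "
              f"odd parity={has_odd_parity(key)}")
```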

Some verbs can create a default control-vector for a key type. For information
about the values for these control vectors, see Appendix C, “CCA Control-Vector
Definitions and Key Encryption.”

Key-Usage Restrictions

In addition to a key type and subtype, a control vector contains key-usage values
that further restrict the use of a key. Most key types define a default set of
key-usage restrictions in a control vector. See Figure C-2 on page C-3.

Key-usage restrictions can be varied by using keywords when constructing
control-vector values using the Key_Token_Build verb or the
Control_Vector_Generate verb, or by manually setting bits in the control vector.

5-6 IBM 4758 CCA Basic Services, Release 2.54, February 2005