CCA Release 2.54
External Key-Token: An external key-token contains an external key that is
multiply-enciphered under a key formed by the exclusive-OR of a key-encrypting
key and the control vector that was assigned when the key token was created or
updated.
An external key-token is specified in a verb call using a key_token parameter. An
external key-token resides in application storage. An application program can
obtain an external key-token by calling one of the following verbs:
Control_Vector_Translate
Data_Key_Export
Key_Export
Key_Generate
Key_Token_Build
Key_Translate.
Internal Key-Token: An internal key-token contains an operational key that is
multiply-enciphered under a key formed by the exclusive-OR of a symmetric
master-key and the control vector that was used when the key token was created
or updated.
An internal key-token is specified in a cryptographic verb call by using a
key_identifier parameter. These verbs produce an internal key-token:
Clear_Key_Import
Data_Key_Import
Diversified_Key_Generate
Key_Generate
Key_Import
Key_Part_Import
Key_Record_Read
Key_Token_Build
Prohibit_Export
Symmetric_Key_Import.
Null Key-Token: A null key-token is a 64-byte string that begins with the value
X'00'. A null key-token can reside in application storage or in key storage. Some
verbs that create a key token with default values do so when you identify a null
key-token.
Key Labels
A key label serves as an indirect address for a key-token record in key storage.
The security server uses a key label to access key storage to retrieve or to store
the key token. A key_identifier parameter can point to either a key label or a key
token. Key labels are discussed further at “Key-Label Content” on page 7-2.
Key Identifiers
When a verb parameter is described as some form of a key_identifier, you can
present either a key token or a key label. The key label identifies a key-token
record in key storage.
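The following C sketch is an added example, not code from the IBM manual. It shows how an application could tell apart the things a 64-byte key_identifier buffer can hold before passing it to a verb. Only the X'00' null-token rule comes from this page; the X'01' (internal) and X'02' (external) flag bytes, the X'20' to X'FE' first-byte range for labels, and blank padding of labels are assumptions taken from the CCA token-format and key-label descriptions elsewhere in the manual, and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define KEY_ID_LEN 64 /* size of a key token or key label in a key_identifier */

typedef enum { KID_NULL_TOKEN, KID_INTERNAL_TOKEN, KID_EXTERNAL_TOKEN,
               KID_KEY_LABEL, KID_INVALID } kid_kind;

/* Classify a 64-byte buffer by its first byte.
 * X'00' = null key-token (stated on this page). The other values are
 * assumptions about the CCA token format, not taken from this page. */
kid_kind kid_classify(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len != KEY_ID_LEN) return KID_INVALID;
    if (buf[0] == 0x00) return KID_NULL_TOKEN;
    if (buf[0] == 0x01) return KID_INTERNAL_TOKEN;              /* assumption */
    if (buf[0] == 0x02) return KID_EXTERNAL_TOKEN;              /* assumption */
    if (buf[0] >= 0x20 && buf[0] <= 0xFE) return KID_KEY_LABEL; /* assumption */
    return KID_INVALID;
}

/* Application-side pre-check (hypothetical helper): this page routes external
 * tokens through key_token parameters, so a key_identifier argument is
 * accepted here only if it is an internal token, a null token, or a label. */
int kid_ok_for_key_identifier(const unsigned char *buf, size_t len)
{
    kid_kind k = kid_classify(buf, len);
    return k == KID_INTERNAL_TOKEN || k == KID_NULL_TOKEN || k == KID_KEY_LABEL;
}

/* Build a key label: name left-justified, padded with blanks to 64 bytes
 * (padding rule is an assumption). Returns 0 on success, -1 on a bad name. */
int kid_make_label(unsigned char out[KEY_ID_LEN], const char *name)
{
    size_t n = name ? strlen(name) : 0;
    if (n == 0 || n > KEY_ID_LEN) return -1;
    memset(out, ' ', KEY_ID_LEN);
    memcpy(out, name, n);
    return 0;
}

int main(void)
{
    unsigned char id[KEY_ID_LEN];
    memset(id, 0, sizeof id);                /* constructed null key-token */
    printf("null token  -> kind %d\n", kid_classify(id, sizeof id));
    kid_make_label(id, "BANK.ATM.PINKEY");   /* constructed label name */
    printf("key label   -> kind %d\n", kid_classify(id, sizeof id));
    id[0] = 0x02;                            /* constructed external-token flag */
    printf("external ok -> %d\n", kid_ok_for_key_identifier(id, sizeof id));
    return 0;
}
```

The check inspects only the first byte; it does not validate the rest of a token, which the coprocessor does when the verb is called.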
5-14 IBM 4758 CCA Basic Services, Release 2.54, February 2005