CCA Release 2.54
Since the two halves are random numbers, it is unlikely that the result of the
DOUBLE keyword will produce two halves with the same 64-bit values.
Exporting and Importing Keys, Symmetric Techniques
To operate on data with the same key at two different nodes, you must transport
the key securely between the nodes. To do this, a transport key or key-encrypting
key must be installed at both nodes. (You can also use an RSA asymmetric key as
a transport key, see “Exporting and Importing Keys, Asymmetric Techniques” on
page 5-19.)
A key that is enciphered under a key-encrypting key other than the symmetric
master-key is called an external key. Deciphering an operational key with the
master key and enciphering the key under a key-encrypting key is called a
key-export operation and changes an operational key to an external key. The
key-export operation is performed in the cryptographic facility so that the clear
value of the key to be exported is not revealed.
Deciphering an external key with a key-encrypting key and enciphering the key
under the local symmetric master-key is called a key-import operation, and changes
an external key to an operational key.
The control vector for the transport key-encrypting-key at the source node must
specify the key as an EXPORTER key. The control vector at the target node must
specify the transport key-encrypting-key as an IMPORTER key. The key to be
transported must be multiply-enciphered under an EXPORTER key-encrypting-key
at the source node and multiply-deciphered under an IMPORTER
key-encrypting-key at the target node. Figure 5-9 on page 5-19 shows both the
key-export and key-import operations. Data operation keys, PIN keys, and
key-encrypting keys can be transported in this manner. The control vector specifies
what kind of keys can be enciphered by a key-encrypting key. For more
information, see Appendix C, “CCA Control-Vector Definitions and Key Encryption”
on page C-1.
Use the Key_Export and the Key_Import verbs to export and import keys with key
types that the control vectors associated with the EXPORTER or IMPORTER keys
permit. You can use the Data_Key_Export verb and the Data_Key_Import verb to
export and import DATA keys; these verbs will not import and export key-encrypting
keys and PIN keys.
The key-encipherment processes are described in detail at “CCA Key Encryption
and Decryption Processes” on page C-12.
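As an added illustration (not IBM's code), the Go program below models the key-export and key-import operations just described: the control vector of the key being transported is XORed into the key-encrypting key before each 8-byte half of the key is triple-DES enciphered, so a key recovered under the wrong control vector comes out as garbage. The master keys, the transport key and the control-vector byte values are constructed placeholders, not the real CCA encodings.

```go
package main

import (
	"bytes"
	"crypto/des"
)

// Constructed placeholder control vectors (not the real CCA encodings): 16 bytes,
// left half XORed into the KEK's left half, right half into its right half.
var (
	cvExporter = bytes.Repeat([]byte{0x01}, 16)
	cvImporter = bytes.Repeat([]byte{0x02}, 16)
	cvData     = bytes.Repeat([]byte{0x03}, 16)
)

// multiply enciphers (or, with decrypt set, deciphers) each 8-byte half of key
// under kek XOR cv with two-key triple DES (K1|K2|K1), i.e. multiple encipherment.
func multiply(kek, cv, key []byte, decrypt bool) []byte {
	k := make([]byte, 24)
	for i := range kek {
		k[i] = kek[i] ^ cv[i] // bind the key type into the key-encrypting key
	}
	copy(k[16:], k[:8])
	block, _ := des.NewTripleDESCipher(k) // k is always 24 bytes, so no error
	out := make([]byte, len(key))
	for i := 0; i < len(key); i += 8 {
		if decrypt {
			block.Decrypt(out[i:i+8], key[i:i+8])
		} else {
			block.Encrypt(out[i:i+8], key[i:i+8])
		}
	}
	return out
}

// exportKey is Key_Export at the source node: recover the EXPORTER KEK and the
// operational key under the master key, then encipher the clear key under KEK^cv.
func exportKey(master, kekToken, opKey, cv []byte) []byte {
	kek := multiply(master, cvExporter, kekToken, true)
	clear := multiply(master, cv, opKey, true)
	return multiply(kek, cv, clear, false)
}

// importKey is the mirror Key_Import at the target node with an IMPORTER KEK.
func importKey(master, kekToken, external, cv []byte) []byte {
	kek := multiply(master, cvImporter, kekToken, true)
	clear := multiply(kek, cv, external, true)
	return multiply(master, cv, clear, false)
}
```

The clear value of the transported key appears only inside exportKey and importKey, which stand in for the cryptographic facility; everything stored or sent is a token enciphered under a master key or key-encrypting key.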
5-18 IBM 4758 CCA Basic Services, Release 2.54, February 2005