Filter
Top Products
CCA Release 2.54
verbs also support the ANSI X9.23 mode of encryption. In X9.23 encryption, at
least one byte of data and up to eight bytes of data are always added to the end of
your plaintext. The last of the added bytes is a binary value equal to the number of
added bytes. The ANSI X9.23 process ensures that the enciphered data is always
a multiple of eight bytes as required for CBC encryption. In X9.23 decryption, the
padding is removed from the decrypted plaintext.
Whenever the first block of plaintext has a predictable value, it is important to
modify the first block of data prior to encryption to deny an adversary a known
plaintext-ciphertext pair. There are two common approaches:
Use an initialization vector
Prepend your data with 8 bytes of random data, an initial text sequence.
An initialization vector is exclusive-ORed with the first block of plaintext prior to
encrypting the result. The initialization vector is exclusive-ORed with the decryption
of the first block of ciphertext to correctly recover the original plaintext. You must,
of course, have a means of passing the value of the initialization vector from the
encryption process to the decryption process. A common solution to the problem is
to pass the initialization vector as an encrypted quantity during key agreement
between the encrypting and decrypting processes. You specify the value of an
initialization vector when you invoke the Encipher and the Decipher verbs.
If the procedure for agreeing on a key does not readily result in passing of an
encrypted quantity that can serve as the initialization vector, then you can add eight
bytes of random data to the start of your plaintext. Of course, the decrypting
process must remove this initial text sequence as it recovers your plaintext. An
initialization vector valued to binary zero is used in this case.
The key used to encrypt or decrypt your data is specified in a key token. The
control vector for the key must be of the general class DATA
2
or CIPHER-class
(control vector bits 8 to 15 equal to X'00' or X'03', respectively). In addition to
the class of key defined in CV bits 8 to 14, CV bit 18 must also be on to encipher
data while CV bit 19 must also be on to decipher data. See Appendix C, “CCA
Control-Vector Definitions and Key Encryption.” DATA keys can participate in both
enciphering and MACing while CIPHER-class keys only perform in ciphering
operations.
If an invocation of the Encipher or the Decipher verb should include use of the
initialization vector value, use the keyword INITIAL. If there is more data that is a
logical extension of preceding data, you can use the keyword CONTINUE. In this
case, the initialization vector value is not used, but the enciphered value of the last
block of data from a prior ciphering verb is taken from the chaining_vector save
area that you must provide with each use of the ciphering verbs. Each portion of
your data must be a multiple of eight bytes and you must use the CBC encryption
mode. You can use X9.23 keyword with the final invocation of the ciphering verbs
if your processes use this method to accommodate data that can be other than a
multiple of eight bytes.
2
Uppercase letters are used for DATA to distinguish the meaning from a more general sense in which the term data keys means
keys used for ciphering and MACing. In this publication, DATA means keys whose control vector bits 8 to 15 are valued to X'00'.
6-2 IBM 4758 CCA Basic Services, Release 2.54, February 2005