CCA Release 2.54
commands in the performance of the verb. Each of these commands has to be
authorized for use. Access-control administration concerns managing these
authorizations.
Chapter 3, “RSA Key-Management” explains how you can generate and
protect an RSA key-pair. The chapter also explains how you can control the
distribution of the RSA private key for backup and archive purposes and to
enable multiple cryptographic engines to use the key for performance or
availability considerations. Related services for creating and parsing RSA
key-tokens are also described.
When you wish to back up an RSA private key, or supply the key to another
node, you will use a double-length DES key-encrypting key, a transport key.
You will find it useful to have a general understanding of the DES
key-management concepts found in Chapter 5, “DES Key-Management.”
Chapter 4, “Hashing and Digital Signatures” explains how you can:
- Provide for demonstrations of the integrity of data -- demonstrate that data
  has not been changed
- Attribute data uniquely to the holder of a private key.
These problems can be solved through the use of a digital signature. The
chapter explains how you can hash data (obtain a number that is characteristic
of the data, a digest) and how you can use this to obtain and validate a digital
signature.
Chapter 5, “DES Key-Management” explains the many services that are
available to manage the generation, installation, and distribution of DES keys.
An important aspect of DES key-management is the means by which these
keys can be restricted to selected purposes. Deficiencies in key management
are the main means by which a cryptographic system can be broken.
Controlling the use of a key and its distribution is almost as important as
keeping the key a secret. CCA employs a non-secret quantity, the control
vector, to determine the use of a key and thus improve the security of a node.
Control vectors are described in detail in Appendix C, “CCA Control-Vector
Definitions and Key Encryption.”
Chapter 6, “Data Confidentiality and Data Integrity” explains how you can
encrypt data. The chapter also describes how you can use DES to
demonstrate the integrity of data through the production and verification of
message authentication codes.
Chapter 7, “Key-Storage Verbs” explains how you can label, store, retrieve,
and locate keys in the cryptographic-services access-layer-managed key
storage.
Chapter 8, “Financial Services Support Verbs” explains three groups of verbs
of especial use in finance industry transaction processing:
- Processing keys and information related to the Secure Electronic
  Transaction (SET) protocol
- A suite of verbs for processing personal identification numbers (PIN) in
  various phases of automated teller machine and point-of-sale transaction
  processing
- Verbs to generate and verify credit-card and debit-card validation codes.
1-14 IBM 4758 CCA Basic Services, Release 2.54, February 2005