Support User Manuals

IBM 2 Computer Hardware User Manual

Open as PDF

of 508

CCA Release 2.54

Usually there is a default control-vector associated with each of the key types just

listed; see Figure C-2 on page C-3. The bits in positions 16-22 and 33-37

generally have different meanings for every key class. Many of the remaining bits

in a control vector have a common meaning. Most of the DES key-management

services permit you to use the default control-vector value by naming the key class

in the service's key-type variable. This does not apply to all key-type classes.

Figure C-1. Key Classes

Key Type Key Usage

Key-Encrypting Keys

IMPORTER Used to decrypt a key brought to this local node

EXPORTER Used to encrypt a key taken from this local node

IKEYXLAT Used to decrypt an input key in the Key_Translate service

OKEYXLAT Used to encrypt an output key in the Key_Translate service

Data operation keys

CIPHER,

DECIPHER,

ENCIPHER

Used only to encrypt or decrypt data

DATA Used to encrypt or decrypt data, or to generate or verify a MAC

DATAC Used to specify a DATA-class key that will perform in the Encipher

and Decipher verbs, but not in the MAC_Generate and

MAC_Verify verbs.

DATAM Used to specify a DATA-class key that will perform in the

MAC_Generate and MAC_Verify verbs, but not in the Encipher

and Decipher verbs.

DATAMV Used to specify a DATA-class key that will perform in the

MAC_Verify verb, but not in the MAC_Generate, Encipher, or

Decipher verbs.

MAC Used to generate or verify a MAC

MACVER Used to verify a MAC code (cannot be used in MAC-generation)

SECMSG Used to encrypt keys or PINs in a secure message

PIN-processing keys

IPINENC Used to decrypt a PIN block

OPINENC Used to encrypt a PIN block

PINGEN Used to generate and verify PIN values

PINVER Used to verify, but not generate, PIN values

Special cryptographic-variable encrypting keys

CVARENC Used to encrypt the mask arrays in the

Cryptographic_Variable_Encipher verb for the

Control_Vector_Translate verb

CVARXCVL and

CVARXCVR

Used to encrypt special control values in the

Cryptographic_Variable_Encipher verb for use with the

Control_Vector_Translate verb

Key-generating keys

DKYGENKY Used to generate a key based on a key-generating key

KEYGENKY Used to generate or derive other keys.

C-2 IBM 4758 CCA Basic Services, Release 2.54, February 2005

previous next