IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
13. For all keys, set the following bits:
    - The export bit (E, bit 17). If set to 0, the export bit prevents a key from being exported. By setting this bit to 0, you can prevent the receiver of a key from exporting or translating the key for use in another cryptographic subsystem. Once this bit is set to 0, it cannot be set to 1 by any verb other than the Control_Vector_Translate verb. The Prohibit_Export verb can reset the export bit.
    - The key-part bit (K, bit 44). Set the key-part bit to 1 in a control vector associated with a key part. When the final key part is combined with previously accumulated key parts, the key-part bit in the control vector for the final key part is set to 0. The Control_Vector_Generate verb can set the key-part bit to 1 when you supply the KEY-PART keyword.
    - For the user definition bits (uu...u, bits 4, 5, and 61), do the following:
        - Set either or both u4 and u5 as may be required by a user-defined extension (UDX). These bits are reserved for use by UDX code and are not used or tested by IBM code.
        - Set the u61 bit to 1 if the key is only permitted to function in a user-defined extension. That is, the key will not be useable in CCA services defined in this publication. Keys with bits 4, 5, and/or 61 set on can be generated, and can be imported and exported (provided other conditions permit).
    - The anti-variant bits (bit 30 and bit 38). Set bit 30 to 0 and bit 38 to 1. Many cryptographic systems have implemented a system of variants where a 7-bit value is exclusive-ORed with each 7-bit group of a key-encrypting key before enciphering the target key. By setting bits 30 and 38 to opposite values, control vectors do not produce patterns that can occur in variant-based systems.
    - Control vector bits 64 to 127. If bits 40 to 42 are B'000' (single-length key), set bits 64 to 127 to 0. Otherwise, copy bits 0 to 63 into bits 64 to 127 and set bits 105 and 106 to B'01'.
    - Set the parity bits (low-order bit of each byte, bits 7, 15, ..., 127). These bits contain the parity bits (P) of the control vector. Set the parity bit of each byte so the number of zero-value bits in the byte is an even number.
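The rules above for the anti-variant bits, bits 64 to 127 and the parity bits, worked through in Python as an added example (not IBM code and not part of the manual). The function names and the sample left-half value are constructed for illustration; the export, key-part and user-definition bits are taken as supplied by the caller.

```python
# Added example: the bit rules above applied to one control vector.
# Bit 0 is the high-order bit of byte 0, so bit n lives in byte n // 8.

def get_bit(cv, n):
    return (cv[n // 8] >> (7 - n % 8)) & 1

def set_bit(cv, n, value):
    mask = 0x80 >> (n % 8)
    cv[n // 8] = (cv[n // 8] | mask) if value else (cv[n // 8] & ~mask)

def set_parity(cv):
    # The low-order bit of each byte makes the count of zero bits even
    # (in an 8-bit byte that is the same as an even count of one bits).
    for i, b in enumerate(cv):
        cv[i] = (b & 0xFE) | (bin(b & 0xFE).count("1") & 1)

def finalize_cv(left_half: bytes) -> bytes:
    """Build the 16-byte control vector from bits 0 to 63."""
    if len(left_half) != 8:
        raise ValueError("expected 8 bytes (bits 0 to 63)")
    left = bytearray(left_half)
    set_bit(left, 30, 0)                      # anti-variant bits
    set_bit(left, 38, 1)
    if (left[5] >> 5) == 0:                   # bits 40 to 42 are B'000'
        cv = left + bytearray(8)              # single length: bits 64-127 = 0
    else:
        cv = left + left                      # copy bits 0-63 into 64-127
        set_bit(cv, 105, 0)                   # bits 105 and 106 = B'01'
        set_bit(cv, 106, 1)
    set_parity(cv)
    return bytes(cv)

def violations(cv: bytes) -> list:
    """Name the rules that a 16-byte control vector does not satisfy."""
    if len(cv) != 16:
        return ["length is not 16 bytes"]
    found = []
    if (get_bit(cv, 30), get_bit(cv, 38)) != (0, 1):
        found.append("anti-variant bits 30 and 38 are not 0 and 1")
    if any(bin(b).count("1") % 2 for b in cv):
        found.append("a byte has the wrong parity bit")
    derived = finalize_cv(cv[:8])[8:]
    if [b & 0xFE for b in cv[8:]] != [b & 0xFE for b in derived]:
        found.append("bits 64 to 127 do not follow from bits 0 to 63")
    return found

if __name__ == "__main__":
    # Constructed sample: a double-length left half, parity not yet set.
    cv = finalize_cv(bytes.fromhex("00427C0000400000"))
    print(cv.hex(), violations(cv))
```

`violations` is the auditing side of the same rules: a control vector whose export bit has been flipped by hand fails the parity check and no longer matches its own right half.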
Bits 19 to 22   Keyword   To Obtain
0001            DDATA     single- or double-length DATA key
0010            DMAC      single- or double-length MAC key
0011            DMV       single- or double-length MACVER key
0100            DIMP      IMPORTER key
0101            DEXP      EXPORTER key
0110            DPVR      PIN verify key
1000            DMKEY     double-length SMKEY SECMSG key
1001            DMPIN     double-length SMPIN SECMSG key
1111            DALL      any of the above.
Appendix C. CCA Control-Vector Definitions and Key Encryption C-11