CCA Release 2.54
CCA Key Encryption and Decryption Processes
This section describes the CCA key-encryption processes:
CCA DES key encryption
CCA RSA private key encryption
Encipherment of DES keys under RSA in “PKA92” format
Encipherment of a DES key-encrypting key under RSA in “NL-EPP-5” format.
CCA DES Key Encryption and Decryption Processes
With the CCA, multiply enciphering or multiply deciphering a key is a two-step
process. The implementation first exclusive-ORs the subject key's control vector
with the master key or with a key-encrypting key to form keys K1 through K6. The
resulting keys (Kn) are then used in the multiple-encipherment of a clear key, or
the multiple-decipherment of an encrypted key; see Figure C-4 on page C-13 for the
formation of K1 through K6 and their use with DES DEA encoding and decoding.
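The two-step process above as an added Python example (not IBM's code), showing that a key wrapped under one control vector does not unwrap under another. Assumptions: DES is replaced by a small Feistel stand-in so the block runs with the standard library only; K1..K3 are taken as the three master-key parts XORed with the left control-vector half and K4..K6 with the right half (Figure C-4 is the authority); all names and values are constructed.

```python
import hashlib

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # round function of the stand-in cipher
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def enc(key, block):  # 64-bit Feistel stand-in for DES encipher (NOT DES)
    l, r = block[:4], block[4:]
    for i in range(8):
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def dec(key, block):  # inverse of enc()
    l, r = block[:4], block[4:]
    for i in reversed(range(8)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def variant_keys(parts, cv):
    # Step 1: XOR the control vector into the wrapping key to form K1..K6.
    # Assumed layout: K1..K3 use the left CV half, K4..K6 the right half.
    return [xor(p, cv[:8]) for p in parts] + [xor(p, cv[8:]) for p in parts]

def multiply_encipher(parts, cv, clear):
    # Step 2: encipher-decipher-encipher over each 8-byte half of the key.
    k1, k2, k3, k4, k5, k6 = variant_keys(parts, cv)
    return (enc(k3, dec(k2, enc(k1, clear[:8]))) +
            enc(k6, dec(k5, enc(k4, clear[8:]))))

def multiply_decipher(parts, cv, wrapped):
    k1, k2, k3, k4, k5, k6 = variant_keys(parts, cv)
    return (dec(k1, enc(k2, dec(k3, wrapped[:8]))) +
            dec(k4, enc(k5, dec(k6, wrapped[8:]))))

# Constructed sample values, not real keys or real CCA control vectors.
MK = [bytes([n]) * 8 for n in (0x11, 0x22, 0x33)]  # triple-length master key
CV_A = bytes.fromhex("0102030405060708" "1112131415161718")
CV_B = bytes.fromhex("0102030405060709" "1112131415161719")
CLEAR = bytes(range(16))                            # double-length subject key
WRAPPED = multiply_encipher(MK, CV_A, CLEAR)

if __name__ == "__main__":
    print("wrapped:         ", WRAPPED.hex())
    print("unwrap, same CV: ", multiply_decipher(MK, CV_A, WRAPPED).hex())
    print("unwrap, other CV:", multiply_decipher(MK, CV_B, WRAPPED).hex())
```

Because the control vector is folded into the wrapping key, changing even one bit of it changes K1 through K6, and the unwrapped value no longer matches the original key.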
CCA RSA Private Key Encryption and Decryption Process
RSA private keys are generally encrypted using an “EDE” algorithm. See
“Triple-DES Ciphering Algorithms” on page D-10.
With the CCA Support Program Version 1, a private key in an internal key token
encrypted by the master key is encrypted using the EDE3 process. The secret key
is deciphered using the DED3 process. A private key in an external key token
encrypted by a transport key is encrypted using the EDE2 process. The secret key
is deciphered using the DED2 process.
With the CCA Support Program Version 2, the private key is encrypted using an
“object protection key” (OPK). The OPK is encrypted with the asymmetric master
key. For internal keys, the secret key values are then encrypted by the OPK. For
external encrypted private keys, encryption is provided by the DES transport key.
See Figure B-11 on page B-13 and Figure B-12 on page B-14.
C-12 IBM 4758 CCA Basic Services, Release 2.54, February 2005