CCA Release 2.54
Appendix D. Algorithms and Processes
This appendix provides processing details for the following aspects of the CCA
design:
- Cryptographic key-verification techniques
- Ciphering methods
- Triple-DES algorithms, EDE2 and EDE3
- MAC calculation methods
- Access-control algorithms
- Master-key splitting algorithm
- RSA key-pair generation.
Cryptographic Key Verification Techniques
The key-verification implementations described in this book employ several
mechanisms for assuring the integrity and/or value of the key. These subjects are
discussed:
- Master key verification algorithms
- CCA DES-key and key-part verification algorithm
- Encrypt zeros algorithm.
Master Key Verification Algorithms
The IBM 4758 product family implementations employ “triple-length” master keys
(three DES keys) that are internally represented in 24 bytes. Verification patterns
on the contents of the new, current, and old master key registers can be generated
and verified when the selected register is not in the empty state.
The IBM 4758 Model 2 and 23 employ several verification pattern generation
methods.
SHA-1 Based Master Key Verification Method
A SHA-1 hash is calculated on the quantity X'01' prepended to the 24-byte
register contents. The resulting 20-byte hash value is used in the following ways:
- The Key_Test verb uses the first eight bytes of the 20-byte hash as the random
  number variable, and uses the second eight bytes as the verification pattern.
- A SHA-1 based master-key verification pattern stored in a two-byte or an
  eight-byte verification pattern field in a key token consists of the first two or the
  first eight bytes of the calculated SHA-1 value.
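
The SHA-1 method described above, worked through in Python as an added example (it is not code from the IBM manual or the CCA product). The function names and the sample register value are assumptions made up for illustration; the check a practitioner usually wants is whether a key token's verification-pattern field matches a given master-key value.

```python
import hashlib
import hmac

MK_LEN = 24  # triple-length master key: three 8-byte DES keys


def sha1_mk_digest(register: bytes) -> bytes:
    """SHA-1 over X'01' prepended to the 24-byte register contents."""
    if len(register) != MK_LEN:
        raise ValueError("master-key register must hold exactly 24 bytes")
    return hashlib.sha1(b"\x01" + register).digest()  # 20 bytes


def key_test_values(register: bytes) -> tuple[bytes, bytes]:
    """Values used by Key_Test: (random number, verification pattern)."""
    digest = sha1_mk_digest(register)
    return digest[:8], digest[8:16]


def token_mkvp(register: bytes, field_len: int = 8) -> bytes:
    """Pattern for a key token's two-byte or eight-byte field."""
    if field_len not in (2, 8):
        raise ValueError("token verification field is 2 or 8 bytes")
    return sha1_mk_digest(register)[:field_len]


def token_matches_register(register: bytes, token_field: bytes) -> bool:
    """True if the token's field was derived from this register value."""
    expected = token_mkvp(register, len(token_field))
    # Constant-time comparison so the check does not leak how many
    # leading bytes of the pattern matched.
    return hmac.compare_digest(expected, token_field)


# Constructed sample values, not real key material.
SAMPLE_MK = bytes(range(24))
OTHER_MK = bytes(range(1, 25))

if __name__ == "__main__":
    rnd, vp = key_test_values(SAMPLE_MK)
    print("Key_Test random number :", rnd.hex())
    print("Key_Test verif. pattern:", vp.hex())
    print("token field (2 bytes)  :", token_mkvp(SAMPLE_MK, 2).hex())
    print("token field (8 bytes)  :", token_mkvp(SAMPLE_MK, 8).hex())
    print("matches other key?     :",
          token_matches_register(OTHER_MK, token_mkvp(SAMPLE_MK, 8)))
```

Note that the eight-byte token field and the Key_Test random number are the same eight bytes of the hash, and that a two-byte field can only distinguish 65,536 values, so a match on it is weak evidence compared with the eight-byte form.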
Copyright IBM Corp. 1997, 2005