IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
Triple-DES Ciphering Algorithms
Triple-DES is used to encrypt keys, PIN blocks, and general data. Several techniques are employed:

T-DES ECB
DES keys, when triple encrypted under a double-length DES key, are ciphered using an e-d-e scheme without feedback. See Figure C-4 on page C-13.

Triple-DES CBC
Encryption of general data, and of RSA section type X'08' CRT-format private keys and OPK keys, employs the scheme depicted in Figure D-7 on page D-11 and Figure D-8 on page D-11. This is often referred to as “outer CBC mode.”
The CCA implementation described in this publication supports double-length DES keys for triple-DES data encryption through the use of the Decipher and Encipher verbs. The triple-length asymmetric master key is used to CBC encrypt CRT-format OPK keys. (See also Figure B-12 on page B-14.)

EDEx / DEDx
CCA employs “EDEx” processes for encrypting several of the RSA private key formats (section types X'02', X'05', and X'06') and the OPK key in section type X'06'. The EDEx processes make successive use of single-key DES CBC processes. EDE2, EDE3, and EDE5 processes have been defined based on the number of keys and initialization vectors used in the process. K1, K2, and K3 are true keys while “K4” and “K5” are initialization vectors. See Figure D-9 on page D-12 and Figure D-10.
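The following sketch is an added example, not code from the IBM manual or from CCA. It contrasts the T-DES ECB and Triple-DES CBC (outer CBC) entries above under a double-length key. Assumptions: a toy Feistel cipher stands in for single-key DES so the block runs with the standard library only, all function names and sample values are hypothetical, the chaining shown is the usual outer-CBC construction (the referenced figures are not reproduced on this page), and input lengths are multiples of 8 bytes.

```python
import hashlib
BLOCK = 8  # DES block size in bytes
K1, K2, IV = b"sampleK1", b"sampleK2", bytes(BLOCK)  # constructed sample values

def _f(key, rnd, half):
    # Round function of the stand-in cipher (NOT DES, not secure).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt(key, block):
    # 4-round Feistel on one 8-byte block; stands in for single-key DES encipher.
    l, r = block[:4], block[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def toy_decrypt(key, block):
    l, r = block[:4], block[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def ede_block(k1, k2, block):
    # e-d-e under a double-length key: encipher K1, decipher K2, encipher K1.
    return toy_encrypt(k1, toy_decrypt(k2, toy_encrypt(k1, block)))
def ded_block(k1, k2, block):
    return toy_decrypt(k1, toy_encrypt(k2, toy_decrypt(k1, block)))

def ecb_encrypt(k1, k2, data):
    # T-DES ECB: every 8-byte block is ciphered on its own, with no feedback.
    return b"".join(ede_block(k1, k2, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def outer_cbc_encrypt(k1, k2, iv, data):
    # Outer CBC: one chaining XOR per block, applied outside the whole e-d-e triple.
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = ede_block(k1, k2, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def outer_cbc_decrypt(k1, k2, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out.append(_xor(ded_block(k1, k2, c), prev))
        prev = c
    return b"".join(out)
```

With two identical plaintext blocks, `ecb_encrypt` returns two identical ciphertext blocks while `outer_cbc_encrypt` does not. Calling `ede_block` with both key halves equal gives the same result as a single `toy_encrypt`, which is why a double-length key with identical halves offers only single-key strength.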
D-10 IBM 4758 CCA Basic Services, Release 2.54, February 2005