Cipher text translation keys

Cipher text translation keys protect data that is transmitted through intermediate systems when the originator and receiver do not share a common key. Data that is enciphered under one cipher text translation key is reenciphered under another cipher text translation key on the intermediate node. During this process, the data never appears in the clear.

A cipher text translation key cannot be used in the decipher callable service to decipher data directly. It can translate the data from encipherment under one cipher text translation key to encipherment under another cipher text translation key. See Protection of data for a description of how cipher text translation keys protect data that is sent through intermediate systems.

Table 1. DES cipher text translate keys
DES keys | Callable services
CIPHERXL class (cipher text translate keys):
  • These keys are used to translate cipher text.
  • The keys are double-length.
CIPHERXI | Cipher Text Translate2 (translate inbound key only)
CIPHERXL | Cipher Text Translate2 (translate inbound and outbound key)
CIPHERXO | Cipher Text Translate2 (translate outbound key only)
Availability notes: DES CIPHERXL class keys require zEC12, zBC12, and later systems with a CEX3C or later coprocessor with September 2012 or later licensed internal code.
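
An added Python model of the usage rules described above, not ICSF code and not part of the original documentation: the decipher service refuses translation keys, and the translate service accepts each Table 1 key type only in its permitted role. KeyToken, encipher, decipher and translate are hypothetical names, the SHA-256 keystream is a stand-in for DES, and the model assumes the end nodes hold the same key values typed as CIPHER keys.

```python
import hashlib
import os
from dataclasses import dataclass

# Translate roles each key type from Table 1 may fill (model, not ICSF code).
ROLES = {"CIPHERXI": {"in"}, "CIPHERXO": {"out"}, "CIPHERXL": {"in", "out"}}

class UsageError(Exception):
    """Raised when a key is used in a service its type does not permit."""

@dataclass(frozen=True)
class KeyToken:
    key_type: str   # "CIPHER" or one of the CIPHERX* types
    value: bytes    # a real token holds this wrapped under a master key

def _xor_stream(key, nonce, data):
    # Stand-in cipher: SHA-256 counter-mode keystream. NOT DES or AES.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def _seal(key, data):
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, data)

def _open(key, blob):
    return _xor_stream(key, blob[:16], blob[16:])

def encipher(token, clear):
    if token.key_type != "CIPHER":
        raise UsageError(f"{token.key_type} key cannot encipher")
    return _seal(token.value, clear)

def decipher(token, blob):
    if token.key_type != "CIPHER":
        raise UsageError(f"{token.key_type} key cannot decipher")
    return _open(token.value, blob)

def translate(key_in, key_out, blob):
    """Re-encipher blob from key_in to key_out; clear text stays inside this call.
    This model accepts only the CIPHERX* types of Table 1 here."""
    if "in" not in ROLES.get(key_in.key_type, ()):
        raise UsageError(f"{key_in.key_type} key not valid as inbound key")
    if "out" not in ROLES.get(key_out.key_type, ()):
        raise UsageError(f"{key_out.key_type} key not valid as outbound key")
    return _seal(key_out.value, _open(key_in.value, blob))
```

In the model, translate stands for the coprocessor boundary: the intermediate node receives and returns cipher text only.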

Table 2. AES cipher text translate keys
AES keys | Callable services
CIPHERXL class (data operation keys):
  • These keys are used to encrypt and decrypt data.
  • The keys can be 128, 192, or 256 bits in length.
  • The key usage flags in the associated data can be used to restrict usage to encipher only or decipher only.
  • The key usage flags in the associated data can be used to restrict usage to translate cipher text only.
CIPHER | Cipher Text Translate2
Availability notes: