z/OS Cryptographic Services ICSF Application Programmer's Guide


Enhanced CBC Wrapping of DES Keys (Enhanced Method)

SA22-7522-16

The enhanced CBC wrapping method uses triple DES encryption, an internal chaining of the key value and CBC mode.

The enhanced wrapping of a double-length key (*K) using a double-length *KEK is defined as follows:

e_*KEK(*KL) = ecbc_KEKL(dcbc_KEKR(ecbc_KEKL(KLPRIME || KR)))

KLPRIME = KL XOR SHA1(KR)

Where:

  • KL is the left 64 bits of *K.
  • KR is the right 64 bits of *K.
  • KLPRIME is the 64-bit modified value of KL.
  • KEKL is the left 64 bits of *KEK.
  • KEKR is the right 64 bits of *KEK.
  • SHA1(X) is the 160-bit SHA-1 hash of X.
  • || means concatenation.
  • XOR means bitwise exclusive OR.
  • ecbc means encryption using cipher block chaining mode.
  • dcbc means decryption using cipher block chaining mode.
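
An added sketch (not IBM's code and not part of the original page) of the composition defined above, showing what the internal chaining buys: without KLPRIME, the first wrapped block depends only on KL. Assumptions, none of which the page specifies: a stand-in 64-bit Feistel cipher replaces single DES so the block runs with the standard library alone (its output will not match ICSF), the IV is all zeros, and SHA1(KR) is truncated to its leftmost 64 bits to match the 64-bit KLPRIME.

```python
import hashlib

BLOCK = 8            # 64-bit blocks, as for DES
IV = bytes(BLOCK)    # assumption: all-zero IV (the page does not give one)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _cipher(key, block, decrypt=False):
    """Stand-in 64-bit block cipher (NOT DES): 4-round Feistel keyed via SHA-1."""
    left, right = block[:4], block[4:]
    for r in (range(3, -1, -1) if decrypt else range(4)):
        f = hashlib.sha1(key + bytes([r]) + (left if decrypt else right)).digest()[:4]
        left, right = (xor(right, f), left) if decrypt else (right, xor(left, f))
    return left + right

def ecbc(key, data):                      # CBC encryption
    out, prev = b"", IV
    for i in range(0, len(data), BLOCK):
        prev = _cipher(key, xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def dcbc(key, data):                      # CBC decryption
    out, prev = b"", IV
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out += xor(_cipher(key, c, decrypt=True), prev)
        prev = c
    return out

def wrap(k, kek, chain=True):
    kl, kr, kekl, kekr = k[:8], k[8:], kek[:8], kek[8:]
    if chain:  # KLPRIME = KL XOR SHA1(KR); assumption: leftmost 64 bits of the hash
        kl = xor(kl, hashlib.sha1(kr).digest()[:8])
    return ecbc(kekl, dcbc(kekr, ecbc(kekl, kl + kr)))

def unwrap(wrapped, kek):
    kekl, kekr = kek[:8], kek[8:]
    p = dcbc(kekl, ecbc(kekr, dcbc(kekl, wrapped)))   # undo the three layers
    return xor(p[:8], hashlib.sha1(p[8:]).digest()[:8]) + p[8:]

def first_block_depends_on_kr(chain):
    kek = bytes(range(16))                                      # constructed *KEK
    k1 = bytes.fromhex("0123456789abcdeffedcba9876543210")      # constructed *K
    k2 = k1[:15] + bytes([k1[15] ^ 1])                          # same KL, KR differs
    return wrap(k1, kek, chain)[:8] != wrap(k2, kek, chain)[:8]
```

With `chain=False` the function computes plain E-D-E in CBC mode over KL || KR, and two keys that share KL produce the same first wrapped block; with the KLPRIME step every wrapped block changes when any half of *K changes.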





Copyright IBM Corporation 1990, 2014