z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Modes of Operation

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

To encipher or decipher data or keys, ICSF uses either the U.S. National Institute of Standards and Technology (NIST) Data Encryption Standard (DES) algorithm or the Commercial Data Masking Facility (CDMF). The DES algorithm is documented in Federal Information Processing Standard #46. CDMF provides DES cryptography using an effectively shortened DATA key. See System Encryption Algorithm for more information.

To encipher or decipher data, ICSF also uses the U.S. National Institute of Standards and Technology (NIST) Advanced Encryption Standard (AES) algorithm. The AES algorithm is documented in Federal Information Processing Standard 197.

ICSF enciphers and deciphers using several modes of operation. Some of the modes have variations related to padding or blocking of the data. The text in parentheses is the processing rule associated with that mode.

The supported modes are:

  • Electronic code book (ECB)
  • Cipher block chaining (CBC)
    • Cipher block chaining with ciphertext stealing (CBC-CS)
    • Cipher block chaining compatible with CUSP/PCF (CUSP)
    • Cipher block chaining compatible with IPS (IPS)
    • Cipher block chaining using PKCS#7 padding (PKCS-PAD)
    • Cipher block chaining using ANSI X9.23 padding (X9.23)
    • Cipher block chaining using IBM 4700 padding (4700-PAD)
  • Cipher Feedback (CFB)
    • Cipher Feedback with a non-blocksize segment (CFB-LCFB)
  • Output Feedback (OFB)
  • Galois/Counter Mode (GCM)

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014