Using multiple DES encipherment to protect keys and data

ICSF uses triple DES encipherment whenever it enciphers a key under a key-encrypting key such as the master key or a transport key. In addition to protecting and retrieving cryptographic keys, ICSF uses triple DES encipherment and decipherment to protect or retrieve 64-bit PIN blocks in PIN applications. Triple DES encipherment is superior to single encipherment because it is much harder to break. The actual process used to encipher a key depends on the type of key that is being enciphered and the type of key-encrypting key that is being used to encipher it.

Figure 1 shows an example of triple DES encipherment. In this example, the left half of the enciphering key is used to encrypt the key in the first step. The result is then decrypted under the right half of the enciphering key. Finally, this result is encrypted under the left half of the enciphering key again.

Figure 1. An example of multiple encipherment

ICSF uses triple DES data encipherment with either double-length or triple-length DATA keys to protect data. In this procedure, the data is first enciphered using the first DATA key. The result is then deciphered using the second DATA key. When using a triple-length key, this second result is then enciphered using the third DATA key. When using a double-length key, the first DATA key is reused to encipher the second result.

Note: Triple DES decipherment is the inverse of multiple encipherment (decipher-encipher-decipher).
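
The encipher-decipher-encipher sequence described above, for both double-length and triple-length keys, together with its decipher-encipher-decipher inverse, as an added example that is not IBM's or ICSF's code. DES is not in the Python standard library, so a small 64-bit Feistel cipher stands in for single DES (an assumption: it is not DES and provides no security); the function names and sample values are constructed for illustration, and one 64-bit block is processed with no chaining mode.

```python
import hashlib

ROUNDS = 16  # DES also has 16 rounds, but the round function here is NOT DES

def _feistel(block: bytes, key: bytes, order) -> bytes:
    """Stand-in 64-bit block cipher (assumption): Feistel network, SHA-256 round function."""
    if len(block) != 8 or len(key) != 8:
        raise ValueError("block and single-length key must each be 8 bytes")
    left, right = block[:4], block[4:]
    for rnd in order:
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left  # final swap: reversing the round order inverts the cipher

def encipher(block: bytes, key: bytes) -> bytes:
    return _feistel(block, key, range(ROUNDS))

def decipher(block: bytes, key: bytes) -> bytes:
    return _feistel(block, key, reversed(range(ROUNDS)))

def split_key(key: bytes):
    """Double-length key -> (K1, K2, K1); triple-length key -> (K1, K2, K3)."""
    if len(key) == 16:
        return key[:8], key[8:], key[:8]   # first (left) part is reused in step 3
    if len(key) == 24:
        return key[:8], key[8:16], key[16:]
    raise ValueError("key must be 16 bytes (double-length) or 24 bytes (triple-length)")

def triple_encipher(block: bytes, key: bytes) -> bytes:
    k1, k2, k3 = split_key(key)
    return encipher(decipher(encipher(block, k1), k2), k3)   # encipher-decipher-encipher

def triple_decipher(block: bytes, key: bytes) -> bytes:
    k1, k2, k3 = split_key(key)
    return decipher(encipher(decipher(block, k3), k2), k1)   # decipher-encipher-decipher

# Constructed sample values, not real keys or PIN blocks.
BLOCK = bytes.fromhex("0123456789abcdef")
K1, K2, K3 = b"leftpart", b"rghtpart", b"3rd-part"

if __name__ == "__main__":
    for name, key in (("double-length", K1 + K2), ("triple-length", K1 + K2 + K3)):
        ct = triple_encipher(BLOCK, key)
        print(name, ct.hex(), triple_decipher(ct, key) == BLOCK)
```

If the two halves of a double-length key are equal, the decipher step undoes the first encipher step and the whole sequence collapses to a single encipherment under that half.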