# Cryptography concepts

This topic provides a basic understanding of cryptographic function and an overview of the cryptographic services for the systems running the IBM i operating system.

## Cryptography

Cryptography is the study and implementation of processes, which manipulate data for the purpose of hiding and authenticating information.

The IBM i cryptographic services help ensure data privacy, maintain data integrity, authenticate communicating parties, and prevent repudiation when a party refutes having sent a message.

## Cryptographic algorithms

A cryptographic algorithm is a mathematical procedure that is used in the transformation of data for the purpose of securing data.

- Cipher algorithms
- A cipher algorithm transforms understandable information (plaintext)
into an unintelligible piece of data (ciphertext), and can transform
that unintelligible data back into understandable information.There are two types of cipher algorithms:
- Symmetric
With a symmetric or secret key algorithm, the key is a shared secret between two communicating parties. Encryption and decryption both use the same key. The Advanced Encryption Standard (AES) is an example of a symmetric key algorithm.

There are two types of symmetric key algorithms:- Block cipher
In a block cipher, the cipher algorithm works on a fixed-size block of data. For example, if the block size is eight, eight bytes of plaintext are encrypted at a time. Normally, the user's interface to the encrypt/decrypt operation handles data longer than the block size by repeatedly calling the low-level cipher function.

- Stream cipher
Stream ciphers do not work on a block basis, but convert 1 bit (or 1 byte) of data at a time. Basically, a stream cipher generates a keystream based on the provided key. The generated keystream is then XORed with the plaintext data.

- Block cipher
- Asymmetric
With an asymmetric or public key algorithm (PKA), a pair of keys is used. One of the keys, the private key, is kept secret and not shared with anyone. The other key, the public key, is not secret and can be shared with anyone. When data is encrypted by one of the keys, it can only be decrypted and recovered by using the other key. The two keys are mathematically related, but it is virtually impossible to derive the private key from the public key. The RSA algorithm is an example of a public key algorithm.

Public key algorithms are slower than symmetric key algorithms. Applications typically use public key algorithms to encrypt symmetric keys (for key distribution) and to encrypt hashes (in digital signature generation).

- Symmetric

Together, the key and the cryptographic algorithm transform data. All of the supported algorithms are in the public domain. Therefore, it is the key that controls access to data. You must safeguard the keys to protect data.

- One-way hash algorithms
- A cryptographic hash algorithm produces a fixed-length output
string (often called a digest) from a variable-length input string.
For all practical purposes, the following statements are true of a
good hash function:
- Collision resistant: If any portion of the data is modified, a different hash will be generated.
- One-way: The function is irreversible. That is, given a digest, it is not possible to find the data that produces it.

- Key distribution algorithms
- When encrypted data must be decrypted at another location, distributing
the key in a secure manner can be a challenge. There are many methods
of key distribution. Some employ a cryptographic algorithm.
- RSA: An RSA public key is used to encrypt a symmetric key which is then distributed. The corresponding private key is used to decrypt it.
- Diffie-Hellman: The communicating parties generate and exchange D-H parameters which are then used to generate PKA key pairs. The public keys are exchanged and each party is then able to compute the symmetric key independently.

- Random number generation algorithms
- Many security-related functions rely on random number generation. Random number generation is
performed both in IBM i using Cryptographic Services and
on the cryptographic coprocessors using CCA. Both use a FIPS approved pseudorandom number generator
(PRNG).
On the cryptographic coprocessor, an electronic noise source provides unpredictable input to a random bit-value accumulator. Periodically the hardware outputs seed to a FIPS 140-1 approved pseudorandom number generator.

The IBM i pseudorandom number generator resides in the IBM i LIC (Licensed Internal Code). It uses a PRNG algorithm from Appendix 3 of FIPS 186-2, Digital Signature Standard (DSS).

Cryptographically strong pseudorandom numbers rely on good seed. The FIPS 186-2 algorithm is seeded from a system seed digest. The system automatically generates seed using data collected from system information or by using the random number generator function on a cryptographic coprocessor if one is available. System-generated seed can never be truly unpredictable. If a cryptographic coprocessor is not available, you should add your own random seed (via the Add Seed for Pseudorandom Number Generator API) to the system seed digest. This should be done as soon as possible any time the Licensed Internal Code is installed.

## Cryptographic operations

Different cryptographic *operations* may
use one or more *algorithms*. You choose the cryptographic operation
and algorithm(s) depending on your purpose. For example, for the purpose
of ensuring data integrity, you might want to use a MAC (message authentication
code) operation with the AES algorithm.

The system provides
several API sets that support cryptographic operations. See the **System
cryptography overview** information at the bottom of this topic
for more information.

## Data privacy

Cryptographic operations for the purpose of data privacy (confidentiality) prevent an unauthorized person from reading a message. The following operations are included in data privacy:

- Encrypt and Decrypt
- The encrypt operation changes plaintext data into ciphertext through
the use of a cipher algorithm and key. To restore the plaintext data,
the decrypt operation must employ the same algorithm and key. Encryption and decryption may be employed at any level of the operating system. There are three levels:
- Field level encryption
- With field level encryption, the user application explicitly requests cryptographic services. The user application completely controls key generation, selection, distribution, and what data to encrypt.
- Session level encryption
- With encryption at the session layer, the system requests cryptographic services instead of an application. The application may or may not be aware that encryption is happening.
- Link level encryption
- Link level encryption is performed at the lowest level of the protocol stack, usually by specialized hardware.

- Translate
- The translate operation decrypts data from encryption under one key and encrypts the data under another key. This is done in one step to avoid exposing the plaintext data within the application program.

## Data integrity, authenticity, and non-repudiation

Encrypted data does not mean the data can not be manipulated (for example, repeated, deleted, or even altered). To rely on data, you need to know that it comes from an authorized source and is unchanged. Additional cryptographic operations are required for these purposes.

- Hash (Message Digest)
- Hash operations are useful for authentication purposes. For example, you can keep a copy of a digest for the purpose of comparing it with a newly generated digest at a later date. If the digests are identical, the data has not been altered.
- MAC (Message Authentication Code)
- A MAC operation uses a secret key and cipher algorithm to produce
a value (the MAC) which later can be used to ensure the data has not
been modified. Typically, a MAC is appended to the end of a transmitted
message. The receiver of the message uses the same MAC key, and algorithm
as the sender to reproduce the MAC. If the receiver's MAC matches
the MAC sent with the message, the data has not been altered.
The MAC operation helps authenticate messages, but does not prevent unauthorized reading because the transmitted data remains as plaintext. You must use the MAC operation and then encrypt the entire message to ensure both data privacy and integrity.

- HMAC (Hash MAC)
- An HMAC operation uses a cryptographic hash function and a secret shared key to produce an authentication value. It is used in the same way a MAC is used.
- Sign/Verify
- A sign operation produces an authentication value called a digital
signature. A sign operation works as follows:
- The data to be signed is hashed, to produce a digest.
- The digest is encrypted using a PKA algorithm and a private key, to produce the signature.

- The signature is decrypted using the sender's PKA public key, to produce digest 1.
- The data that was signed is hashed, to produce digest 2.
- If the two digests are equal, the signature is valid.

## Key and random number generation

Many security-related functions rely on random number generation, for example, salting a password or generating an initialization vector. An important use of random numbers is in the generation of cryptographic key material. Key generation has been described as the most sensitive of all computer security functions. If the random numbers are not cryptographically strong, the function will be subject to attack.

## Financial PINs

Personal identification number (PIN) generation and handling are also considered cryptographic operations.

A PIN is a unique number assigned to an individual by an organization. PINs are commonly assigned to customers by financial institutions. The PIN is typed in at a keypad and compared with other customer associated data to provide proof of identity.

To generate a PIN, customer validation data is encrypted by a PIN key. Other processing is done on the PIN as well, such as putting it in a particular format.

## Key management

Key management is the secure handling and storage of cryptographic keys. This includes key storage and retrieval, key encryption and conversions, and key distribution.

**Key
storage**

Key storage on the system includes the following:

- Cryptographic Services keystore
In addition, keys can also be stored on the Cryptographic Coprocessors themselves.

- Digital certificate manager certificate store
- CCA keystore (used with the Cryptographic Coprocessors)
- JCE keystore

**Key Encryption and Conversions**

- At the top is a master key (or keys). The master key is the only clear key value and must be stored in a secure fashion.
- Key-encrypting keys (KEKs) are used to encrypt other keys. Typically, a KEK is used to encrypt a stored key, or a key that is sent to another system. KEKs are normally encrypted under a master key.
- Data keys are keys used directly on user data (such as to encrypt or MAC). A data key may be encrypted under a KEK or under a master key.

**Key Distribution**

Typically, data encryption is performed using symmetric key algorithms. The symmetric keys are distributed using asymmetric key algorithms as described above. Keys are made ready to send by using an Export operation. Keys are received into the system using an Import operation.

## System cryptography overview

- Cryptographic Service Providers
- A cryptographic service provider (CSP) is the software or hardware
that implements a set of cryptographic operations. The system supports
several CSPs:
- 4769 Cryptographic Coprocessor
- 4767 Cryptographic Coprocessor (no longer available, but still supported)
- IBM i LIC
- Java™ Cryptography Extensions

- Cryptographic API sets
- User applications can utilize cryptographic services indirectly
via IBM i functions
such as TLS, VPN IPSec, and LDAP. User applications can also access
cryptographic services directly using the following APIs:
- CCA
The Common Cryptographic Architecture (CCA) API set is provided for running cryptographic operations on a Cryptographic Coprocessor.

- IBM i Cryptographic
Services
The IBM i Cryptographic Services API set is provided for running cryptographic operations within the Licensed Internal Code.

- Java Cryptography
Java Cryptography Extension (JCE) is a standard extension to the Java Software Development Kit.

- Network Authentication Service
GSS (Generic Security Services), Java GSS, and Kerberos APIs are part of the Network Authentication Service which provides authentication and security services. These services include session level encryption capability.

- IBM i TLS and
JSSE
IBM i TLS and JSSE support the Transport Layer Security Protocol. APIs provide session level encryption capability.

- SQL
Structured Query Language is used to access or modify information in a database. SQL supports encryption/decryption of database fields.

- CCA

CSP APIs | IBM i LIC | JCE | 4769, 4767 |
---|---|---|---|

CCA |
X | ||

IBM i Cryptographic
Services |
X | ||

Java Cryptography |
X | X | |

Network Authentication Service |
X | X | |

IBM i TLS
and JSSE |
X | X | X |

SQL |
X |