Decipher (CSNBDEC)

Edit online

Use the Decipher verb to decipher data using the DES cipher block chaining mode.

CCA supports the following processing rules to decipher data. You choose the type of processing rule that the Decipher verb should use for block chaining.

ANSI X9.23
For cipher block chaining. The ciphertext must be an exact multiple of eight bytes, but the plaintext will be between 1 and 8 bytes shorter than the ciphertext. The text_length will also be reduced to show the original length of the plaintext.
Cipher Block Chaining (CBC)
The ciphertext must be an exact multiple of eight bytes and the plaintext will have the same length.
Cryptographic Unit Support Program (CUSP)
CBC mode (cipher block chaining) that is compatible with IBM®’s CUSP and PCF products. The data need not be in exact multiples of eight bytes. The ciphertext is the same length as the plaintext.
Information Protection System (IPS)
CBC mode (cipher block chaining) that is compatible with IBM’s IPS product. The data need not be in exact multiples of eight bytes. The ciphertext is the same length as the plaintext.

The cipher block chaining (CBC) mode uses an initial chaining value (ICV) in its processing. The first eight bytes of ciphertext is deciphered and then the ICV is XORed with the resulting eight bytes of data to form the first 8-byte block of plaintext. Thereafter, the 8-byte block of ciphertext is deciphered and XORed with the previous 8-byte block of ciphertext until all the ciphertext is deciphered.

The selection between single-DES decryption mode and triple-DES decryption mode is controlled by the length of the key supplied in the key_identifier parameter. If a single-length key is supplied, single-DES decryption is performed. If a double-length or triple-length key is supplied, triple-DES decryption is performed.

A different ICV could be passed on each call to the Decipher verb. However, the same ICV that was used in the corresponding Encipher verb must be passed.

Short blocks are text lengths of between one and seven bytes. A short block can be the only block. Trailing short blocks are blocks of between one and seven bytes that follow an exact multiple of eight bytes. For example, if the text length is 21, there are two 8-byte blocks and a trailing short block of five bytes. Because the DES processes text only in exact multiples of eight bytes, some special processing is required to decipher such short blocks.

These methods of treating short blocks and trailing short blocks do not increase the length of the ciphertext compared to the length of the plaintext. If the plaintext was padded during encipherment, the length of the ciphertext will always be an exact multiple of eight bytes.

CCA supports the ANSI X9.23 padding method.

Note: This verb supports PCI-HSM 2016 compliant-tagged key tokens.

This verb does not need to document any Usage notes.