Encipher (CSNBENC)

Edit online

Use the Encipher verb to encipher data using the DES cipher block chaining mode.

CCA supports the following processing rules to encipher data. You choose the type of processing rule that the Encipher verb should use for the block chaining.
Cipher block chaining (CBC)
In exact multiples of eight bytes.
Cryptographic Unit Support Program (CUSP)
CBC mode (cipher block chaining) that is compatible with IBM®’s CUSP and PCF products. The data need not be in exact multiples of eight bytes. The ciphertext is the same length as the plaintext.
Information Protection System (IPS)
CBC mode (cipher block chaining) that is compatible with IBM’s IPS product. The data need not be in exact multiples of eight bytes. The ciphertext is the same length as the plaintext.
ANSI X9.23
For block chaining not necessarily in exact multiples of eight bytes. This process rule pads the plaintext so that ciphertext produced is an exact multiple of eight bytes.
For more information about the processing rules, see Table 1 and Ciphering methods.

The cipher block chaining (CBC) mode of operation uses an initial chaining vector (ICV) in its processing. The ICV is XORed with the first eight bytes of plaintext before the encryption step and thereafter, the 8-byte block of ciphertext just produced is XORed with the next 8-byte block of plaintext and so on. This disguises any pattern that might exist in the plaintext.

The selection between single-DES encryption mode and triple-DES encryption mode is controlled by the length of the key supplied in the key_identifier parameter. If a single-length key is supplied, single-DES encryption is performed. If a double-length or triple-length key is supplied, triple-DES encryption is performed.

To nullify the CBC effect on the first 8-byte block, supply eight bytes of zero. However, the ICV might require zeros.

Cipher block chaining also produces a resulting chaining value called the output chaining vector (OCV). The application can pass the OCV as the ICV in the next encipher call. This results in record chaining.

Note that the OCV that results is the same, whether an Encipher or a Decipher verb was invoked, assuming the same text, ICV, and key were used.

Short blocks are text lengths of between one and seven bytes. A short block can be the only block. Trailing short blocks are blocks of between one and seven bytes that follow an exact multiple of eight bytes. For example, if the text length is 21, there are two 8-byte blocks, and a trailing short block of five bytes.

An alternative method is to pad the plaintext and produce a ciphertext that is longer than the plaintext. The plaintext can be padded with up to eight bytes using one of several padding methods. This padding produces a ciphertext that is an exact multiple of eight bytes in length.

If the cleartext is already a multiple of eight, the ciphertext can be created using any processing rule.

Because of padding, the returned ciphertext length is longer than the provided plaintext. Therefore, the text_length parameter is modified. The returned ciphertext field should be eight bytes longer than the length of the plaintext to accommodate the maximum amount of padding.

Attention: If you lose the data-encrypting key under which the data (plaintext) is enciphered, the data enciphered under that key (ciphertext) cannot be recovered.
Note: This verb supports PCI-HSM 2016 compliant-tagged key tokens.

This verb does not need to document any Usage notes.