CCA DES-key verification algorithm
The cryptographic engines provide a method for verifying the value of a DES cryptographic key or key part without revealing information about the value of the key or key part.
The CCA verification method first creates a random number. A one-way cryptographic function combines the random number with the key or key part. The verification method returns the result of this one-way cryptographic function (the verification pattern) and the random number.
Note: A one-way cryptographic function is a function in which it is easy to compute the output from a given input, but it is not computationally feasible to compute the input given an output.
For information about how you can use an application program to invoke this verification method, see Key Test (CSNBKYT).
The CCA DES key verification algorithm does the following:
- Sets KKR′ = KKR XOR RN
- Sets K1 = X'4545454545454545'
- Sets X1 = DES encoding of KKL using key K1
- Sets K2 = X1 XOR KKL
- Sets X2 = DES encoding of KKR′ using key K2
- Sets VP = X2 XOR KKR′
where:
- RN: the random number generated or provided
- KKL: the value of the single-length key, or the left half of the double-length key
- KKR: XL8'00' if the key is a single-length key, or the value of the right half of the double-length key
- VP: the verification pattern
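
The six steps above, written out as an added Python example (not IBM's code). It carries a compact single-block DES built from the FIPS 46-3 tables so it runs without third-party libraries, and it assumes "DES encoding" means single-block DES encryption; the names `permute`, `des_encrypt` and `cca_verification_pattern` are chosen here.

```python
import os

# Single-block DES encryption from the FIPS 46-3 tables (1-based, MSB-first bit positions).
IP = [s - 8 * c for s in (58, 60, 62, 64, 57, 59, 61, 63) for c in range(8)]
FP = [IP.index(i + 1) + 1 for i in range(64)]  # inverse of IP
E = [(4 * i + j - 1) % 32 + 1 for i in range(8) for j in range(6)]
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
PC1 = ([s - 8 * k for s in (57, 58, 59) for k in range(8)] + [60, 52, 44, 36] +
       [s - 8 * k for s in (63, 62, 61) for k in range(8)] + [28, 20, 12, 4])
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]
SBOX = ["e4d12fb83a6c59070f74e2d1a6cb953841e8d62bfc973a50fc8249175b3ea06d",
        "f18e6b34972dc05a3d47f28ec01a69b50e7ba4d158c6932fd8a13f42b67c05e9",
        "a09e63f51dc7b428d709346a285ecbf1d6498f30b12c5ae71ad069874fe3b52c",
        "7de3069a1285bc4fd8b56f03472c1ae9a690cb7df13e52843f06a1d8945bc72e",
        "2c417ab6853fd0e9eb2c47d150fa3986421bad78f9c5630eb8c71e2d6f09a453",
        "c1af92680d34e75baf427c9561de0b389ef528c3704a1db6432c95fabe17608d",
        "4b2ef08d3c975a61d0b7491ae35c2f8614bdc37eaf6805926bd814a7950fe23c",
        "d2846fb1a93e50c71fd8a374c56b0e927b419ce206adf35821e74a8dfc90356b"]

def permute(value, width, table):  # pick bits of a width-bit int in table order
    return sum(((value >> (width - p)) & 1) << (len(table) - 1 - i) for i, p in enumerate(table))

def des_encrypt(key, block):  # 64-bit ints in, 64-bit int out; key parity bits are ignored
    c, d = divmod(permute(key, 64, PC1), 1 << 28)
    left, right = divmod(permute(block, 64, IP), 1 << 32)
    for s in SHIFTS:
        c, d = (((h << s) | (h >> (28 - s))) & 0xFFFFFFF for h in (c, d))
        x = permute(right, 32, E) ^ permute((c << 28) | d, 56, PC2)
        f = 0
        for i in range(8):
            six = (x >> (42 - 6 * i)) & 0x3F
            row, col = ((six >> 4) & 2) | (six & 1), (six >> 1) & 0xF
            f = (f << 4) | int(SBOX[i][16 * row + col], 16)
        left, right = right, left ^ permute(f, 32, P)
    return permute((right << 32) | left, 64, FP)

def cca_verification_pattern(key, rn=None):
    """Return (VP, RN) as bytes for an 8-byte or 16-byte DES key; RN is generated if not given."""
    rn = os.urandom(8) if rn is None else rn
    if len(key) not in (8, 16) or len(rn) != 8:
        raise ValueError("key must be 8 or 16 bytes and RN must be 8 bytes")
    kkl, kkr = (int.from_bytes(h, "big") for h in (key[:8], key[8:]))  # KKR = XL8'00' if single-length
    kkr_p = kkr ^ int.from_bytes(rn, "big")        # KKR' = KKR XOR RN
    x1 = des_encrypt(0x4545454545454545, kkl)      # X1 = DES encoding of KKL using K1 (assumed: encryption)
    k2 = x1 ^ kkl                                  # K2 = X1 XOR KKL
    x2 = des_encrypt(k2, kkr_p)                    # X2 = DES encoding of KKR' using K2
    return (x2 ^ kkr_p).to_bytes(8, "big"), rn     # VP = X2 XOR KKR'
```
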