Parameters
The parameter definitions for CSNBCTT2.
For the definitions of the return_code, reason_code, exit_data_length, and exit_data parameters, see Parameters common to all verbs.
- rule_array_count
A pointer to an integer variable containing the number of elements in the rule_array variable. The value must be 4 or 5.
Direction: Input
Type: Integer
- rule_array
The keyword that provides control information to the verb. The processing method is the algorithm used to create the generated key. The keyword is left-aligned and padded on the right with blanks. The rule_array keywords are described in Table 1.
Direction: Input
Type: String array

Table 1. Keywords for Cipher Text Translate2 control information

| Keyword | Description |
|---|---|
| Inbound processing rule (One required) | |
| I-CBC | Specifies encryption using CBC mode for the inbound ciphertext. The text length must be a multiple of the block size. The DES block size is 8 bytes. The AES block size is 16 bytes. |
| I-CUSP | Specifies that CBC with CUSP processing has been used for the inbound ciphertext. The ciphertext may be any length. The ciphertext is the same length as the plaintext. This keyword is only valid with DES. |
| I-ECB | Specifies encryption using ECB mode for the inbound ciphertext. The text must be a multiple of the block size. This keyword is only valid for AES encryption. |
| I-IPS | Specifies that CBC with IPS processing has been used for the inbound ciphertext. The ciphertext may be any length. The ciphertext is the same length as the plaintext. This keyword is only valid with DES. |
| IPKCSPAD | Specifies that CBC with PKCS padding was used for the inbound ciphertext. The text was padded on the right with 1 - 16 bytes of pad characters, making the padded text a multiple of the AES block size, before the data was enciphered. Each pad character is valued to the number of pad characters added. This keyword is only valid for AES encryption. |
| I-X923 | Specifies that CBC with X9.24 padding was used for the inbound ciphertext. This is compatible with the requirements in ANSI Standard X9.23. This keyword is only valid for DES encryption. |
| Outbound processing rule (One required) | |
| O-CBC | Specifies that encryption in CBC mode is used for the outbound ciphertext. The text length must be a multiple of the block size. The DES block size is 8 bytes. The AES block size is 16 bytes. |
| O-CUSP | Specifies that CBC with CUSP processing is used for the outbound text. The outbound ciphertext has the same length as the plaintext. This keyword is only valid with DES. |
| O-ECB | Specifies that encryption using ECB mode is used for the outbound ciphertext. The text must be a multiple of the block size. This keyword is only valid for AES encryption. |
| O-IPS | Specifies that CBC with IPS processing is used for the outbound text. The outbound ciphertext has the same length as the plaintext. This keyword is only valid with DES. |
| OPKCSPAD | Specifies that CBC with PKCS padding is used for the outbound text. The outbound text is padded on the right with 1 - 16 bytes of pad characters, making the padded text a multiple of the AES block size, before the data was enciphered. Each pad character is valued to the number of pad characters added. This keyword is only valid for AES encryption. |
| O-X923 | Specifies that CBC with X9.24 padding is used for the outbound text. This is compatible with the requirements in ANSI Standard X9.23. This keyword option is only valid for DES encryption. |
| Segmenting control (One optional) | |
| CONTINUE | Specifies the initialization vectors are taken from the chaining vector. The chaining vector is updated and must not be modified between calls. This keyword is ignored for I-ECB and O-ECB processing rules. The CONTINUE keyword is not valid with the I-X923 or O-X923 keywords. |
| INITIAL | Specifies that the initialization vectors are taken from the init_vector_in and init_vector_out parameters. This is the default. This keyword is ignored for I-ECB and O-ECB processing rules. |
| Inbound key identifier (One required) | |
| IKEY-DES | Specifies that the inbound key identifier is a DES key. |
| IKEY-AES | Specifies that the inbound key identifier is an AES key. |
| Outbound key identifier (One required) | |
| OKEY-DES | Specifies that the outbound key identifier is a DES key. |
| OKEY-AES | Specifies that the outbound key identifier is an AES key. |

- key_identifier_in_length
Length of the key_identifier_in in bytes. The value is 64 when a label is supplied. When the key identifier is a key token, the value is the length of the token. The maximum value is 9992.
Direction: Input
Type: Integer
- key_identifier_in
An internal CCA or TR-31 key token or the label of such a token in key storage, containing the cipher translation key for the inbound ciphertext.
Direction: Input/Output
Type: String
Acceptable CCA DES key types are DATA, CIPHER, CIPHERXI, CIPHERXL, and DECIPHER. The keys must have bit 19 for DECIPHER set on in the control vector. The key may be a single-, double-, or triple-length key. If the Cipher Text translate2 - Allow only cipher text translate types access control point is enabled, only CIPHERXI and CIPHERXL are allowed.
Acceptable TR-31 DES tokens must have the following attributes:
- TR-31 key usage: D0 or D3
- Algorithm: D or T
- TR-31 mode of key use: B or D
Acceptable CCA AES key types include the 64-byte AES DATA key and the variable length token CIPHER key with the DECRYPT bit on in the key usage field. The C-XLATE bit can optionally be on. If the Cipher Text translate2 - Allow only cipher text translate types access control point is enabled, the C-XLATE bit must be turned on in the key usage field.
Acceptable TR-31 AES tokens must have the following attributes:
- TR-31 key usage: D0 or D3
- Algorithm: A
- TR-31 mode of key use: B or D
- init_vector_in_length
Length of the init_vector_in field in bytes. For AES keys, the length is 16. For DES keys, the length is 8. When the initialization vector is not required (segmenting rule CONTINUE, processing rule I-ECB), the value must be 0.
Direction: Input
Type: Integer
- init_vector_in
The initialization vector that is used to decipher the input data. This parameter is the initialization vector used at the previous cryptographic node. This parameter is required for segmenting rule INITIAL.
Direction: Input
Type: String
- cipher_text_in_length
The length of the ciphertext to be processed. See the table of ciphertext length restrictions in Usage notes.
Direction: Input
Type: Integer
- cipher_text_in
The text that is to be translated. The text is enciphered under the cipher key specified in the key_identifier_in parameter.
Direction: Input
Type: String
- chaining_vector_length
The length of the chaining_vector parameter in bytes. The chaining_vector field must be 128 bytes long.
Direction: Input
Type: Integer
- chaining_vector
The chaining_vector parameter is a work area used by the service to carry segmented data between procedure calls. This area must not be modified between calls to the service.
Direction: Input/Output
Type: String
- key_identifier_out_length
The length of the key_identifier_out parameter in bytes. This value is 64 when a label is supplied. When the key identifier is a key token, the value is the length of the token. The maximum value is 9992.
Direction: Input
Type: Integer
- key_identifier_out
An internal CCA or TR-31 key token or the label of such a token in key storage containing the cipher translation key for the outbound ciphertext.
Direction: Input/Output
Type: String
Acceptable CCA DES key types are DATA, CIPHER, CIPHERXL, CIPHERXO, and ENCIPHER. The keys must have bit 18 for ENCIPHER set on in the control vector. The key may be a double- or triple-length key. If the Cipher Text translate2 - Allow only cipher text translate types access control point is enabled, only CIPHERXO and CIPHERXL are allowed.
Acceptable TR-31 DES tokens must have the following attributes:
- TR-31 key usage: D0 or D3
- Algorithm: T
- TR-31 mode of key use: B or E
Acceptable CCA AES key types include the 64-byte AES DATA key and the variable length token CIPHER key with the ENCRYPT bit on in the key usage field.
The C-XLATE bit can optionally be on. If the Cipher Text translate2 – Allow only cipher text translate types access control point is enabled, the C-XLATE bit must be turned on in the key usage field.
Acceptable TR-31 AES tokens must have the following attributes:
- TR-31 key usage: D0 or D3
- Algorithm: A
- TR-31 mode of key use: B or E
- init_vector_out_length
The length of the init_vector_out parameter in bytes. For AES keys, the length is 16. For DES keys, the length is 8. When the initialization vector is not required (segmenting rule CONTINUE, processing rule O-ECB), the value must be 0.
Direction: Input
Type: Integer
- init_vector_out
The initialization vector that is used to encipher the input data. This is the new initialization vector used when the callable service enciphers the plaintext. This parameter is required for segmenting rule INITIAL.
Direction: Input
Type: String
- cipher_text_out_length
The length of the cipher_text_out parameter in bytes. This parameter is updated with the actual length of the data in the cipher_text_out parameter. Note that padding may require this value to be larger than the cipher_text_in_length parameter (see Table 1).
Direction: Input/Output
Type: Integer
- cipher_text_out
The field where the callable service returns the translated text.
Direction: Output
Type: String
- reserved1_length
The length of the reserved1 parameter in bytes. The value must be zero.
Direction: Input
Type: Integer
- reserved1
This parameter is ignored.
Direction: Input
Type: String
- reserved2_length
The length of the reserved2 parameter in bytes. The value must be zero.
Direction: Input
Type: Integer
- reserved2
This parameter is ignored.
Direction: Input
Type: String
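
As an added example (not IBM's code and not part of the original page), the following C pre-flight check applies the Table 1 keyword rules and the init_vector_in_length / init_vector_out_length rules above before a CSNBCTT2 call is built. The function name ctt2_preflight and its error codes are hypothetical; the 8-byte rule_array element size is the general CCA convention rather than something this page states.

```c
#include <string.h>

enum { DES = 1, AES = 2 };
/* Keyword groups from Table 1: 0 inbound rule, 1 outbound rule,
   2 segmenting control, 3 inbound key type, 4 outbound key type. */
struct kw { const char *name; int group; int algs; };
static const struct kw KW[] = {
    {"I-CBC", 0, DES | AES}, {"I-CUSP", 0, DES}, {"I-ECB", 0, AES},
    {"I-IPS", 0, DES}, {"IPKCSPAD", 0, AES}, {"I-X923", 0, DES},
    {"O-CBC", 1, DES | AES}, {"O-CUSP", 1, DES}, {"O-ECB", 1, AES},
    {"O-IPS", 1, DES}, {"OPKCSPAD", 1, AES}, {"O-X923", 1, DES},
    {"CONTINUE", 2, 0}, {"INITIAL", 2, 0},
    {"IKEY-DES", 3, DES}, {"IKEY-AES", 3, AES},
    {"OKEY-DES", 4, DES}, {"OKEY-AES", 4, AES},
};

/* Hypothetical helper: validates n keywords, packs them into rule_array
   (8 bytes each, blank padded; caller supplies 8*n bytes) and reports the
   IV lengths the call must pass. Returns 0, or a negative error code. */
int ctt2_preflight(const char *kws[], int n, char *rule_array,
                   int *iv_in_len, int *iv_out_len)
{
    const struct kw *sel[5] = {0};
    if (n != 4 && n != 5) return -1;            /* rule_array_count rule */
    for (int i = 0; i < n; i++) {
        const struct kw *k = NULL;
        for (size_t j = 0; j < sizeof KW / sizeof KW[0]; j++)
            if (strcmp(kws[i], KW[j].name) == 0) k = &KW[j];
        if (!k) return -2;                      /* not a Table 1 keyword */
        if (sel[k->group]) return -3;           /* two keywords, one group */
        sel[k->group] = k;
        memset(rule_array + 8 * i, ' ', 8);
        memcpy(rule_array + 8 * i, k->name, strlen(k->name));
    }
    if (!sel[0] || !sel[1] || !sel[3] || !sel[4]) return -4; /* required */
    if (!(sel[0]->algs & sel[3]->algs) || !(sel[1]->algs & sel[4]->algs))
        return -5;                              /* rule invalid for key type */
    int cont = sel[2] && strcmp(sel[2]->name, "CONTINUE") == 0;
    int x923 = !strcmp(sel[0]->name, "I-X923") || !strcmp(sel[1]->name, "O-X923");
    if (cont && x923) return -6;                /* CONTINUE with I-X923/O-X923 */
    *iv_in_len = (cont || !strcmp(sel[0]->name, "I-ECB")) ? 0
               : (sel[3]->algs == AES ? 16 : 8);
    *iv_out_len = (cont || !strcmp(sel[1]->name, "O-ECB")) ? 0
                : (sel[4]->algs == AES ? 16 : 8);
    return 0;
}
```

Rejecting a bad keyword combination before the call keeps the failure in application code, where it can be logged with the offending keywords, instead of surfacing only as a return_code/reason_code pair from the verb.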