Usage notes
Usage notes for CSNBCTT2.
The initialization vectors must have already been established between the communicating applications or must be passed with the data.
| Input cipher method | Output cipher method | Input ciphertext length restriction(s) | Output ciphertext length restriction(s) |
|---|---|---|---|
| DES CBC | DES CBC X9.23 | Input ciphertext must be a multiple of a DES block. | Output ciphertext length must be greater than or equal to the sum of the length of the input ciphertext and a DES block. |
| DES CBC | AES CBC PKCSPAD | Input ciphertext must be a multiple of a DES block. | If the input ciphertext is not a multiple of an AES block, then the output ciphertext length must be greater than or equal to the sum of the input ciphertext length and a DES block. If the input ciphertext is a multiple of an AES block, then the output ciphertext length must be greater than or equal to the sum of the input ciphertext length and an AES block. |
| DES CBC | DES CUSP or IPS | Input ciphertext must be a multiple of a DES block. | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| DES CBC | DES CBC | Input ciphertext must be a multiple of a DES block. | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| DES CBC | AES CBC | Input ciphertext must be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| DES CBC | AES CBC | Input ciphertext must be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| DES CBC CUSP or IPS | DES CBC CUSP or IPS | No restrictions | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| DES CBC CUSP or IPS | DES CBC | Input ciphertext must be a multiple of a DES block. | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| DES CBC CUSP or IPS | AES CBC or ECB | Input ciphertext must be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| DES CBC CUSP or IPS | DES CBC X9.23 | No restrictions | Output ciphertext length must be greater than or equal to the sum of the input ciphertext length and a DES block. |
| DES CBC CUSP or IPS | AES CBC PKCSPAD | No restrictions | Output ciphertext length must be greater than or equal to the sum of the input ciphertext length and an AES block. |
| DES CBC X9.23 | DES CBC X9.23 | Input ciphertext must be a multiple of a DES block. | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| DES CBC X9.23 | AES CBC PKCSPAD | Input ciphertext must be a multiple of a DES block. | Output ciphertext length must be greater than or equal to the sum of the input ciphertext length and a DES bock. |
| DES CBC X9.23 | DES CBC CUSP or IPS | Input ciphertext must be a multiple of a DES block. | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| DES CBC X9.23 | DES CBC | Input ciphertext must be a multiple of a DES block. | Output ciphertext length must be greater than or equal to the input ciphertext length.
Note: This operation is not possible if the padding is determined by the adapter to be from 1-7
bytes.
|
| DES CBC X9.23 | AES CBC | Input ciphertext must be a multiple of a DES block but must not be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the input ciphertext length.
Note: This operation is not possible if the padding is determined by the adapter to be from 1-7
bytes.
|
| DES CBC X9.23 | AES ECB | Input ciphertext must be a multiple of a DES block but must not be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the input ciphertext length.
Note: This operation is not possible if the padding is determined by the adapter to be from 1-7
bytes.
|
| AES CBC or ECB | DES CBC X9.23 | Input ciphertext must be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the sum of the input ciphertext length and a DES bock. |
| AES CBC or ECB | AES CBC PKCSPAD | Input ciphertext must be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the sum of the input ciphertext length and an AES bock. |
| AES CBC or ECB | DES CBC CUSP or IPS | Input ciphertext must be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| AES CBC or ECB | DES CBC | Input ciphertext must be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| AES CBC or ECB | AES CBC | Input ciphertext must be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| AES CBC or ECB | AES ECB | Input ciphertext must be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| AES CBC PKCSPAD | DES CBC X9.23 | Input ciphertext must be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| AES CBC PKCSPAD | AES CBC PKCSPAD | Input ciphertext must be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the input ciphertext length. |
| AES CBC PKCSPAD | DES CBC CUSP or IPS | Input ciphertext must be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the input ciphertext length minus 1. |
| AES CBC PKCSPAD | DES CBC | Input ciphertext must be a multiple of an AES block. Output ciphertext length must be greater than or equal | Output ciphertext length must be greater than or equal to the input ciphertext length minus
the length of a DES block. Note: This operation is not possible if the padding is determined by the
adapter to be from 1-7 bytes or 9-15 bytes. |
| AES CBC PKCSPAD | AES CBC | Input ciphertext must be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the input ciphertext length minus
the length of a AES block. Note: This operation is not possible if the padding is determined by the
adapter to be from 1-15 bytes. |
| AES CBC PKCSPAD | AES ECB | Input ciphertext must be a multiple of an AES block. | Output ciphertext length must be greater than or equal to the input ciphertext length minus
the length of an AES block. Note: This operation is not possible if the padding is determined by the
adapter to be from 1-15 bytes. |
There are requirements for the keys for the key_identifier_in and key_identifier_out parameters. The key_identifier_in key must be able to decipher text. The key_identifier_out key must be able to encipher text.
AESDATA is the 64-byte AES DATA key type.
| key_identifier_in (DEC bit except DATA and AESDATA) | key_identifier_out (ENC bit except DATA and AESDATA) |
|---|---|
|
DATA |
DATA |
|
AESDATA |
DATA (must be at least double-length |
- Translation from stronger encryption to single-key DES is not allowed.
- Translation from a triple-length DES key to a double-length DES key requires the Cipher Text Translate2 - Allow translate to weaker DES access control point (offset X'01C3') to be enabled.
- When the Cipher Text Translate2 - Allow only cipher text translate types access control point (offset X'01C4') is enabled, only CIPHERXI, CIPHERXL, and CIPHERXO DES key types are allowed and AES key tokens with key type CIPHER must be set to allow data translate (C-XLATE).