Required commands

The required commands for CSNBKTR.

This verb requires the Key Translate command (offset X'001F') to be enabled in the active role.

In releases before Release 5.4 and Release 6.2, triple-length TDES keys are not supported, thus limiting an outbound TDES key to double length. Beginning with Release 5.4, triple-length TDES keys are supported, and an outbound TDES key can be double-length or triple-length. This makes it possible for data that is encrypted using a triple-length key to be translated to data encrypted using a weaker double-length key. Such a translation reduces the security of the data and causes a security exposure, and CCA normally restricts such a translation from occurring. To override this restriction, the Cipher Text Translate2 - Allow translate to weaker DES command (offset X’01C3’) must be enabled in the active role.

Note: This command affects multiple verbs. See Access control points and verbs.
Also, beginning with Release 5.4 and Release 6.2, it is possible to do a translation using an output key that is weaker than the input key. To disallow this, set the command shown in Table 1:
Table 1. Disallow translation to a weaker key
Algorithm of input KEK key Algorithm of output KEK key Command offset (Release 5.4 or later) Command to disallow translation using a weaker key
DES DES X'01C7' Disallow translation from DES wrapping to weaker DES wrapping
Note: This command affects multiple verbs. See Access control points and verbs.