Triple-length TDES keys
The cryptographic keys are grouped into the following categories based on the functions that they perform.
Depending on the key type, a DES key can be single, double, or triple in length (triple-length TDES keys are supported in Release 5.4 or later). A single-length DES key can be used for single DES operations, while a double-length or triple-length key can be used for Triple-DES (TDES) operations. Assuming unique key parts, a triple-length TDES key provides far greater protection against an adversary obtaining the clear value of the enciphered quantity than a double-length TDES or single-length DES key.
Note: Three-key TDES keys with unique key parts are strongly recommended to be used whenever
possible for any new applications.
Each DES key type supports double-length keys for TDES (that is, two-key TDES). Beginning with Release
5.4, some DES key types support triple-length keys for TDES (that is, three-key TDES). Table 33 on page
200 defines which key types do and do not support triple-length TDES keys.
| DES key category | Supported triple-length TDES key types | Unsupported triple-length TDES key types |
|---|---|---|
| Data operation keys | DATA, CIPHER, DECIPHER, ENCIPHER, MAC, MACVER | DATAC, DATAM, DATAMV, CIPHERXI, CIPHERXO, CIPHERXL, SECMSG |
| PIN processing keys | PINGEN, PINVER, IPINENC, OPINENC | N/A |
| Cryptographic variable encrypting keys | N/A | CVARPINE, CVARDEC, CVARXCVL, CVARXCVR, CVARENC |
| Key encrypting keys | EXPORTER, IMPORTER, IMP-PKA | OKEYXLAT, IKEYXLAT |
| Key generating keys | N/A | KEYGENKY, DKYGENKY |