Triple-length TDES keys

The cryptographic keys are grouped into the following categories based on the functions that they perform.

Depending on the key type, a DES key can be single, double, or triple in length (triple-length TDES keys are supported in Release 5.4 or later). A single-length DES key can be used for single DES operations, while a double-length or triple-length key can be used for Triple-DES (TDES) operations. Assuming unique key parts, a triple-length TDES key provides far greater protection against an adversary obtaining the clear value of the enciphered quantity than a double-length TDES or single-length DES key.
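
The "assuming unique key parts" condition above, as an added example (not IBM's code): it classifies the effective strength of a clear DES/TDES key, assuming the standard encrypt-decrypt-encrypt composition and ignoring the parity bit in each key byte. The function name and the sample key values are constructed for illustration.

```python
# Added example: effective strength of a clear DES/TDES key, judged by its 8-byte parts.
# Assumes standard EDE: C = E_K3(D_K2(E_K1(P))); a double-length key implies K3 = K1.

PARITY_MASK = 0xFE  # the low-order bit of every DES key byte is parity, not key material


def _effective(part: bytes) -> bytes:
    """Strip parity bits so parts that differ only in parity compare equal."""
    return bytes(b & PARITY_MASK for b in part)


def classify_tdes_key(key: bytes) -> str:
    """Return 'single-DES', 'two-key-TDES' or 'three-key-TDES' for a clear key."""
    if len(key) not in (8, 16, 24):
        raise ValueError("DES keys are 8, 16 or 24 bytes long")
    parts = [_effective(key[i:i + 8]) for i in range(0, len(key), 8)]
    if len(parts) == 1:
        return "single-DES"
    if len(parts) == 2:
        k1, k2 = parts
        # K1 == K2: E_K1(D_K1(E_K1(P))) collapses to a single DES encryption.
        return "single-DES" if k1 == k2 else "two-key-TDES"
    k1, k2, k3 = parts
    # K1 == K2 cancels the first two stages; K2 == K3 cancels the last two.
    if k1 == k2 or k2 == k3:
        return "single-DES"
    # K1 == K3 with a different K2 is exactly two-key TDES.
    if k1 == k3:
        return "two-key-TDES"
    return "three-key-TDES"


# Constructed sample key parts (not real keys).
K1 = bytes.fromhex("0123456789ABCDEF")
K2 = bytes.fromhex("FEDCBA9876543210")
K3 = bytes.fromhex("89ABCDEF01234567")
K1_PARITY_FLIPPED = bytes(b ^ 0x01 for b in K1)  # same key material as K1

if __name__ == "__main__":
    for label, key in [("unique parts", K1 + K2 + K3),
                       ("K1 == K3", K1 + K2 + K1),
                       ("K1 == K2", K1 + K1 + K3),
                       ("K2 differs from K1 only in parity", K1 + K1_PARITY_FLIPPED + K3)]:
        print(f"{label}: {classify_tdes_key(key)}")
```

A triple-length key whose parts repeat gains nothing from its length, so a check like this belongs wherever clear key parts are generated or entered.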

Note: Three-key TDES keys with unique key parts are strongly recommended for any new applications whenever possible. Each DES key type supports double-length keys for TDES (that is, two-key TDES). Beginning with Release 5.4, some DES key types support triple-length keys for TDES (that is, three-key TDES). Table 1 defines which key types do and do not support triple-length TDES keys.

Table 1. List of supported and unsupported triple-length TDES key types (Release 5.4 or later)

| DES key category | Supported triple-length TDES key types | Unsupported triple-length TDES key types |
|---|---|---|
| Data operation keys | DATA, CIPHER, DECIPHER, ENCIPHER, MAC, MACVER | DATAC, DATAM, DATAMV, CIPHERXI, CIPHERXO, CIPHERXL, SECMSG |
| PIN processing keys | PINGEN, PINVER, IPINENC, OPINENC | N/A |
| Cryptographic variable encrypting keys | N/A | CVARPINE, CVARDEC, CVARXCVL, CVARXCVR, CVARENC |
| Key encrypting keys | EXPORTER, IMPORTER, IMP-PKA | OKEYXLAT, IKEYXLAT |
| Key generating keys | N/A | KEYGENKY, DKYGENKY |