z/OS DFSMSdss Storage Administration

What is DES and AES?

To manage cryptographic keys for encrypted data, DFSMSdss uses IBM® Cryptographic Services Facility (ICSF), which supports the following cryptographic standards and architectures:
  • IBM Common Cryptographic Architecture (CCA) that is based on the ANSI Data Encryption Standard (DES)
  • Advanced Encryption Standard (AES).

With DES, two parties share secret keys that are used to protect data and keys that are exchanged on the network. The sharing of secret keys establishes a secure communications channel. The only way to protect the security of the data in a shared secret key cryptographic system is to protect the secrecy of the secret key. ICSF also supports triple DES (TDES) encryption for data privacy. TDES triple-length keys use three single-length keys to encipher and decipher the data, which results in a stronger form of cryptography than single DES encipherment.
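The added strength of a triple-length key depends on its three single-length parts actually differing. The following added example (not IBM or ICSF code; the function names are hypothetical) assumes the key is available in the clear as 24 bytes and that the parts are applied in encipher-decipher-encipher order, and classifies a key by its effective strength:

```python
# Added example (not IBM or ICSF code): audit a clear TDES triple-length key.
# Assumption: the three parts are applied encipher-decipher-encipher (EDE).

DES_KEY_LEN = 8  # one single-length DES key: 8 bytes, low bit of each is parity


def split_triple_length(key: bytes) -> tuple:
    """Split a 24-byte triple-length key into its three single-length keys."""
    if len(key) != 3 * DES_KEY_LEN:
        raise ValueError("a triple-length key is 24 bytes")
    return tuple(key[i:i + DES_KEY_LEN] for i in range(0, len(key), DES_KEY_LEN))


def has_odd_parity(part: bytes) -> bool:
    """True when every byte has an odd number of 1 bits, as DES keys require."""
    return all(bin(b).count("1") % 2 == 1 for b in part)


def fix_parity(part: bytes) -> bytes:
    """Flip the low (parity) bit of any byte whose 1-bit count is even."""
    return bytes(b ^ 1 if bin(b).count("1") % 2 == 0 else b for b in part)


def effective_strength(key: bytes) -> str:
    """Classify the key by how many distinct single-length keys it contains."""
    # Parity bits are not key material, so compare the parts without them.
    k1, k2, k3 = (bytes(b & 0xFE for b in p) for p in split_triple_length(key))
    if k1 == k2 or k2 == k3:
        # An encipher and a decipher under the same key cancel: one DES pass.
        return "single-DES-equivalent"
    if k1 == k3:
        return "double-length-equivalent"
    return "triple-length"


# Constructed sample keys (not real key material).
PART_A = fix_parity(bytes.fromhex("0123456789abcdef"))
PART_B = fix_parity(bytes.fromhex("23456789abcdef01"))
PART_C = fix_parity(bytes.fromhex("456789abcdef0123"))

if __name__ == "__main__":
    for name, key in [("A|B|C", PART_A + PART_B + PART_C),
                      ("A|B|A", PART_A + PART_B + PART_A),
                      ("A|A|C", PART_A + PART_A + PART_C)]:
        print(name, effective_strength(key), has_odd_parity(key))
```
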

With AES, data can be encrypted and decrypted using 128-bit, 192-bit, and 256-bit clear keys. CBC and ECB encryption are also supported.

For public key cryptography, ICSF supports both the Rivest-Shamir-Adleman (RSA) algorithm and the NIST Digital Signature Standard (DSS) algorithm. RSA and DSS are the most widely used public key encryption algorithms. In this system, each party establishes a pair of cryptographic keys, which includes a public key and a private key. Both parties publish their public keys in a reliable information source, and maintain their private keys in secure storage.


Copyright IBM Corporation 1990, 2014