A clear key does not have its key value encrypted under another
key, unlike encrypted keys, which have their key value encrypted by
a master key or key-encrypting key.
There are four callable services you can use to convert a clear
key to an encrypted key:
- To convert a clear key to an encrypted data key in operational
form, use either the Clear Key Import callable service or the Multiple
Clear Key Import callable service.
- To convert a clear key to an encrypted key of any type, in operational
or importable form, use either the Secure Key Import callable service
or the Multiple Secure Key Import callable service.
Note: The Secure Key Import and Multiple Secure Key Import callable
services can only execute in special secure mode.
AES and DES clear keys can be placed in key tokens and stored in
the CKDS for use by callable services.
Table 1. Descriptions of clear key types and service usage

| Clear key type | Usable with services |
| --- | --- |
| Fixed-length DES key-token, version X'00' and X'01' | |
| DATA class (data operation keys): These keys are used to encrypt and decrypt data. DES DATA keys can be single-length, double-length, or triple-length. | |
| DATA | Symmetric Key Decipher, Symmetric Key Encipher |
| DATA class (data operation keys): AES DATA keys can be 128-bit, 192-bit and 256-bit keys. | |
| DATA | Symmetric Key Decipher, Symmetric Key Encipher |