IBM Common Cryptographic Architecture (CCA)
This topic describes the details about:
- Symmetric key services: Symmetric key algorithms and processing.
- Asymmetric key services: Asymmetric key algorithms and processing.
- Hashing services: Hashing algorithms and processing.
Symmetric key algorithms and processing
- A clear key is not wrapped by another key.
- A secure key is wrapped by a key.
- An operational key is a secure key wrapped by a CCA master key.
- A protected key is a secure key wrapped by the CPACF master key (HPSK).
- DES and TDES
-
- Data-encryption: Clear, operational, and CPACF protected keys.
- Message authentication: Operational keys.
- Key management: Operational keys.
- Financial services: Operational keys.
- AES
-
- Data-encryption: Clear, operational, and CPACF protected keys.
- Message authentication: Operational keys.
- Key management: Operational keys.
- Financial services: Operational keys.
- HMAC
-
- Message authentication: Clear and operational keys.
Asymmetric key algorithms and processing
- A public key is always in the clear.
- A clear private key is not wrapped by any key.
- An operational private key of an asymmetric key is wrapped by a CCA master key.
- RSA
-
- Signature: Clear and operational keys.
- Key management: Clear and operational keys.
- EC
-
- Signature: Clear, operational, and protected keys.
- Dilithium
-
Signature: Clear and secure keys.
- ML-DSA
-
- Signature: Clear and secure keys.
- Diffie-Hellman
-
- Key management: Clear and operational keys.
Hashing algorithms and processing
- SHA-1
- CPACF only.
- SHA-2
- CPACF only.
- SHA-3/SHAKE
- CPACF only.
- MD5
- Software only.
- RIPEMD-160
- Software only.