Symmetric Encryption Keys

The DES and AES encryption formats use symmetric encryption keys. DES uses 56-bit (single-length), 112-bit (double-length) or 168-bit (triple-length) keys, while AES uses 128-bit, 192-bit, or 256-bit keys. A DES or AES key can be stored in a sequential file referenced by the LDAPKEYS FILEDEF statement.

DES and AES keys can be stored in a sequential file referenced by the LDAPKEYS FILEDEF statement. The file consists of fixed-length or variable-length records with a maximum record length of 255. The records are assumed to be in the IBM®-1047 code page. Comment records begin with '#' or '*' and blank records are ignored. Each record in the file defines a single key and has the following format:
key-label key-part-1 key-part-2 key-part-3 key-part-4

The fields are separated by one or more blanks. Each key part consists of 16 hexadecimal characters representing 8 bytes of the key. A DES key requires the key label and one, two or three key parts, while an AES key requires the key label and all four key parts. In a DES key, the low-order bit in each byte is a parity bit. The parity bit must be set so that there is an odd number of 1s in each byte, but the bit is not used for encryption. Therefore, DES uses 56 bits out of each 8-byte key part for encryption. An AES key does not use parity bits, so the entire key (256 bits) is used for encryption.
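The record rules above (comment and blank records, one label plus one to four key parts of 16 hex characters each, DES odd parity in the low-order bit of every byte) are easy to get wrong by hand, so a small validator is a useful pre-check before a key file is put in front of the LDAP server. The following is an added example written for this page, not code from the product: it parses a file in the format described, classifies each key as DES or AES by its number of key parts, reports the effective key size, and flags DES keys whose parity bits are not odd. The sample file contents and key values are constructed for illustration; the function names are ours, not an IBM API.

```python
import re

# Exactly 16 hexadecimal characters = 8 bytes per key part, as the page specifies.
HEX_PART = re.compile(r"^[0-9A-Fa-f]{16}$")
MAX_RECORD_LEN = 255


def des_parity_ok(key_bytes):
    """True if every byte has odd parity (an odd number of 1 bits), as DES requires."""
    return all(bin(b).count("1") % 2 == 1 for b in key_bytes)


def fix_des_parity(key_bytes):
    """Return a copy of key_bytes with the low-order (parity) bit of each byte
    adjusted so that every byte has odd parity. The 56 key bits are untouched."""
    out = bytearray()
    for b in key_bytes:
        if bin(b).count("1") % 2 == 0:
            b ^= 0x01  # flip only the parity bit
        out.append(b)
    return bytes(out)


def parse_keys_file(text):
    """Parse LDAPKEYS-style records and return {label: info}.

    info has 'type' ('DES' or 'AES'), 'key' (bytes) and 'effective_bits';
    DES entries also carry 'parity_ok'. Malformed records raise ValueError.
    """
    keys = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        record = raw.rstrip()
        if len(record) > MAX_RECORD_LEN:
            raise ValueError(f"line {lineno}: record exceeds {MAX_RECORD_LEN} characters")
        stripped = record.strip()
        # Blank records and comment records ('#' or '*' in the first column) are ignored.
        if not stripped or stripped.startswith(("#", "*")):
            continue
        fields = stripped.split()  # one or more blanks separate the fields
        label, parts = fields[0], fields[1:]
        if not 1 <= len(parts) <= 4:
            raise ValueError(f"line {lineno}: key {label!r} has {len(parts)} key parts, expected 1-4")
        for part in parts:
            if not HEX_PART.match(part):
                raise ValueError(f"line {lineno}: key part {part!r} is not 16 hex characters")
        if label in keys:
            raise ValueError(f"line {lineno}: duplicate key label {label!r}")
        key = bytes.fromhex("".join(parts))
        if len(parts) == 4:
            # Four parts = AES; no parity bits, so all 256 bits are key material.
            keys[label] = {"type": "AES", "key": key, "effective_bits": 256}
        else:
            # One to three parts = DES (single/double/triple length); 56 usable bits per part.
            keys[label] = {
                "type": "DES",
                "key": key,
                "effective_bits": 56 * len(parts),
                "parity_ok": des_parity_ok(key),
            }
    return keys


# Constructed sample file. The DES values are classic test vectors with correct
# odd parity; BADPARITY is all zeros and therefore fails the parity check.
SAMPLE_KEYS = """\
# Constructed LDAPKEYS sample (not real keys)
* second comment style

DESSINGLE  0123456789ABCDEF
DESTRIPLE  0123456789ABCDEF FEDCBA9876543210 0123456789ABCDEF
AESKEY     0011223344556677 8899AABBCCDDEEFF 0011223344556677 8899AABBCCDDEEFF
BADPARITY  0000000000000000
"""


def report(text):
    """Summarise a key file as a list of (label, type, effective_bits, parity_ok_or_None)."""
    return [
        (label, info["type"], info["effective_bits"], info.get("parity_ok"))
        for label, info in parse_keys_file(text).items()
    ]


if __name__ == "__main__":
    for row in report(SAMPLE_KEYS):
        print(row)
```

Running the module prints one tuple per key; `BADPARITY` shows `parity_ok=False`, and `fix_des_parity` can be used to repair such a value before the file is installed.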