Exchanging symmetric keys using callable services
- Encrypting the keys to be sent between systems, so that they are not in the clear.
- Requiring that specialized transport keys protect the data-encrypting keys or key-encrypting keys. Transport keys can be used only to protect other keys; they cannot be used for other cryptographic operations.
- Requiring that the sending (exporting) and receiving (importing) of a key be by two different, complementary forms of the same transport key (for example, export and import). These two forms are complements of each other. You cannot use a key in place of its complement.
- Requiring that a key protected under a transport key be made no longer operational—that is, not usable for other cryptographic functions such as encryption, MAC verification, and PIN verification. Only the receiving system can make a protected key operational.
An “exported” key is a key that leaves your system. The transport key that is used to protect it is called an exporter key-encrypting key. When another system receives the key, the key is still protected under the same key-encrypting key. This key-encrypting key must be installed as an importer key-encrypting key on the receiving system. Before two systems can exchange keys, they must establish pairs of transport keys. The exporter key-encrypting key and the importer key-encrypting key are a complementary pair. You can set up pairs of transport keys, using the key generator utility program (KGUP) or callable services. To exchange keys in only one direction, you need a single pair of transport keys. To exchange keys in both directions, you need two pairs of transport keys. The illustration in Figure 1 shows an example of using DES transport keys to exchange keys between systems.
