In both the symmetric key and asymmetric key algorithms, no practical means exists to identically cipher data without knowing the cryptographic key. Therefore, it is essential to keep a key secret at a cryptographic node. In real systems, however, this often does not provide sufficient protection. If adversaries have access to the cryptographic process and to certain protected keys, they could possibly misuse the keys and eventually compromise your system. A carefully devised set of processes must be in place to protect and distribute cryptographic keys in a secure manner.
ICSF, and other products that comply with the IBM Common Cryptographic Architecture (CCA), provide a means of controlling the use of cryptographic keys. This protects against the misuse of the cryptographic system.
This publication explains the concepts of key management and gives step-by-step instructions for using ICSF to generate, enter, and manage cryptographic keys.