Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Using the Ciphertext Translate Callable Service z/OS Cryptographic Services ICSF Application Programmer's Guide SA22-7522-16 |
|
Restriction: The ciphertext translate callable service does not work in CDMF-only systems (see System Encryption Algorithm). The ciphertext translate callable service does not work on the PCI X Cryptographic Coprocessor, Crypto Express2 Coprocessor, or Crypto Express3 Coprocessor. This topic describes a scenario using the encipher, ciphertext translate, and decipher callable services with four network nodes: A, B, C, and D. You want to send data from your network node A to a destination node D. You cannot communicate directly with node D, and nodes B and C are situated between you. You do not want nodes B and C to decipher your data. At node A, you use the Encipher callable service. Node D uses the Decipher callable service. Node B and C will use the ciphertext translate callable service. Consider the keys that are needed to support this process:
The communication process is shown as:
Therefore, you need three keys, each in two different forms. You can generate two of the keys at node A, and node D can generate the third key. Note that the key used in the decipher callable service at node D is not the same key used in the encipher callable service at node A. |
Copyright IBM Corporation 1990, 2014
|