Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Control Vector Table z/OS Cryptographic Services ICSF Application Programmer's Guide SA22-7522-16 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Note:
The Control Vectors used in ICSF are exactly the same
as documented in CCA and the TSS documents. The master key enciphers all keys operational on your system. A transport key enciphers keys that are distributed off your system. Before a master key or transport key enciphers a key, ICSF exclusive ORs both halves of the master key or transport key with a control vector. The same control vector is exclusive ORed to the left and right half of a master key or transport key. Also, if you are entering a key part, ICSF exclusive ORs each half of the key part with a control vector before placing the key part into the CKDS. Each type of key on ICSF (except the master key) has either one or two unique control vectors associated with it. The control vector that ICSF exclusive ORs the master key or transport key with depends on the type of key the master key or transport key is enciphering. For double-length keys, a unique control vector exists for each half of a specific key type. For example, there is a control vector for the left half of an input PIN-encrypting key, and a control vector for the right half of an input PIN-encrypting key. If you are entering a key part into the CKDS, ICSF exclusive ORs the key part with the unique control vector(s) associated with the key type. ICSF also enciphers the key part with two master key variants for a key part. One master key variant enciphers the left half of the key part, and another master key variant enciphers the right half of the key part. ICSF creates the master key variants for a key part by exclusive ORing the master key with the control vectors for key parts. These procedures protect key separation. Table 373 displays the default value of the control vector that is associated with each type of key. Some key types do not have a default control vector. For keys that are double-length, ICSF enciphers a unique control vector on each half. Control vectors indicated with an "*" are supported by the Cryptographic Coprocessor Feature.
Note:
The external control vectors for DATAC, DATAM MAC
generation and DATAMV MAC verification keys are also referred to as
data compatibility control vectors. Key Form Bits, 'fff' - The key form bits, 40-42, and for a double-length key, bits 104-106, are designated 'fff' in the preceding illustration. These bits can have these values:
The following values may exist in some CCA implementations:
|
Copyright IBM Corporation 1990, 2014
|