Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Key Forms z/OS Cryptographic Services ICSF Application Programmer's Guide SA22-7522-16 |
|
A key that is protected under the master key is in operational form, which means ICSF can use it in cryptographic functions on the system. When you store a key with a file or send it to another system, the key is enciphered under a transport key rather than the master key because, for security reasons, the key should no longer be active on the system. When ICSF enciphers a key under a transport key, the key is not in operational form and cannot be used to perform cryptographic functions. When a key is enciphered under a transport key, the sending system considers the key in exportable form. The receiving system considers the key in importable form. When a key is reenciphered from under a transport key to under a system's master key, it is in operational form again. Enciphered keys appear in three forms. The form you need depends on how and when you use a key.
For more information about the key types, see either Functions of the Symmetric Cryptographic Keys or the z/OS Cryptographic Services ICSF Administrator’s Guide. See Key Forms and Types Used in the Key Generate Callable Service for more information about key form. DES Key FlowThe conversion from one key to another key is considered to be a one-way flow. An operational key form cannot be turned back into an importable key form. An exportable key form cannot be turned back into an operational or importable key form. The flow of ICSF key forms can only be in one direction:
|
Copyright IBM Corporation 1990, 2014
|