Data-encrypting keys, also referred to as data keys, are used to encrypt and decrypt data. AES and DES data-encrypting keys are supported. DES keys can be single-length, double-length, or triple-length. AES keys can be 128-bits, 192-bits, or 256-bits in length. Data keys can be either encrypted under the master key or in the clear.

Single-length DES data-encryption keys can also be used in place of the MAC keys to generate or verify a message authentication code.

CIPHER keys are DES or AES data-encrypting keys (CIPHER, ENCIPHER, and DECIPER).

• DES CIPHER keys are single- or double-length keys.
• AES CIPHER keys are 128-, 192-, or 256-bits in length. AES CIPHER keys require a CEX3C and the Sep. 2011 or later licensed internal code (LIC).

CIPHER can be used only for encrypting or decrypting data.