z/OS Cryptographic Services ICSF Administrator's Guide


Key Separation

SA22-7521-17

The cryptographic hardware, or cryptographic feature, controls the use of DES keys by separating them into unique types. How a key is used distinguishes it from other keys. The cryptographic feature allows you to use only a specific type of key for its intended purpose. For example, a key that is used to protect data cannot be used to protect a key.

Depending on the cryptographic feature, an ICSF system may have multiple master keys:

  • A DES master key protecting keys that are used in DES or CDMF operations on the Cryptographic Coprocessor Feature.
  • A DES master key protecting keys that are used in operations on the PCICC, PCIXCC, CEX2C, or CEX3C.
  • An AES master key protecting AES keys that are used in operations on the CEX2C or CEX3C, and HMAC keys that are used in operations on the CEX3C.
  • A PKA key management master key (KMMK) protecting keys that are used in PKA key distribution operations on the Cryptographic Coprocessor Feature.
  • A PKA signature master key (SMK) protecting keys that are used in digital signature operations on the Cryptographic Coprocessor Feature.
  • An asymmetric-keys (ASYM-MK) master key protecting RSA keys used in key distribution and authentication operations on the PCICC, PCIXCC, CEX2C, or CEX3C.
  • An ECC master key (ECC-MK) protecting ECC keys on the CEX3C.

DES master key variants protect DES and CDMF keys

To provide for key separation, the cryptographic feature automatically encrypts each type of key that is used in either DES or CDMF services under a unique variation of the DES master key. Each variation encrypts a different type of key. Although you define only one master key, in effect you have a unique master key to encrypt each type of key that is used in DES or CDMF services.

Restriction: CDMF services are only supported on the IBM eServer zSeries 900.

A key that is protected under the master key is in operational form, which means that ICSF can use it in cryptographic functions on the system. As is shown in Figure 1, all secure keys that you want ICSF to use in cryptographic functions are enciphered under the master key.

Whenever the master key is used to encipher a key, the cryptographic feature produces a variation of the master key according to the type of key that is being enciphered. These variations are called master key variants. The cryptographic feature creates a master key variant by exclusive ORing a fixed pattern, called a control vector, with the master key. Each type of key that is used in DES or CDMF services has a unique control vector associated with it. For example, the cryptographic feature uses one control vector when the master key enciphers a PIN generation key, and a different control vector when the master key enciphers a PIN verification key.

When systems want to share keys, transport keys can be used to protect keys sent outside of systems. A key that is enciphered under a transport key cannot be used in a cryptographic function. The key must first be brought into a system, deciphered from under the transport key, and enciphered under the system's master key.

ICSF creates variations of a transport key to encrypt a key according to its type. Whenever a transport key is used to encipher a key, the cryptographic feature produces the variation of the transport key according to the type of key that is being enciphered. This allows for key separation when a key is transported off the system.

A transport key variant, also called a key-encrypting key variant, is created in the same way as a master key variant. The transport key is exclusive ORed with a control vector that is associated with the key type of the key it protects. See Appendix B. Control Vector Table for a listing of the control vector that is used for each key type.

DES cryptographic keys can be single- or double-length keys, depending on their key type. A single-length key is 64 bits, and a double-length key is 128 bits. For double-length keys, one control vector exists for the left half of the key and another control vector for the right half. Therefore, ICSF creates a master key variant or transport key variant for each half of the key the master key or transport key will protect.

Multiple Encipherment

The cryptographic feature uses multiple encipherment when it enciphers a key under a key-encrypting key such as the master key or a transport key. Multiple encipherment is used whenever the key-encrypting key is double-length. The cryptographic feature enciphers each half of the key that it is encrypting.

To multiple-encipher the left half of a key, the cryptographic feature performs these steps:

  1. Exclusive ORs the left half of the key-encrypting key with the control vector for the left half of the key to create the variant. The cryptographic feature then enciphers the left half of the key under this variant.
  2. Exclusive ORs the right half of the key-encrypting key with the control vector for the left half of the key to create the variant. The cryptographic feature then deciphers the value that results from step 1 under this variant.
  3. Exclusive ORs the left half of the key-encrypting key with the control vector for the left half of the key. The cryptographic feature then enciphers the value that results from step 2 under this variant.

To multiple-encipher the right half of the key, the cryptographic feature performs these steps:

  1. Exclusive ORs the left half of the key-encrypting key with the control vector for the right half of the key to create the variant. The cryptographic feature then enciphers the right half of the key under this variant.
  2. Exclusive ORs the right half of the key-encrypting key with the control vector for the right half of the key to create the variant. The cryptographic feature then deciphers the value that results from step 1 under this variant.
  3. Exclusive ORs the left half of the key-encrypting key with the control vector for the right half of the key. The cryptographic feature then enciphers the value that results from step 2 under this variant.

On ICSF, an effective single-length key can exist as a double-length key; each key half has an identical value. The result of the multiple encipherment process on an effective single-length key is the key value that is encrypted once under the variant.
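The multiple-encipherment steps above and the single-length case, as an added example that is not IBM's code. A toy hash-based Feistel cipher stands in for DES so the block runs on the standard library alone, and the key-encrypting key, control vectors and key value are constructed placeholders, not entries from Appendix B.

```python
import hashlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 64-bit Feistel cipher standing in for DES (not DES, not secure)."""
    l, r = block[:4], block[4:]
    for rnd in range(8):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def toy_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in reversed(range(8)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

def wrap_half(kek: bytes, cv: bytes, key_half: bytes) -> bytes:
    """Steps 1-3 from the text: E(left variant), D(right variant), E(left variant)."""
    v_left, v_right = xor(kek[:8], cv), xor(kek[8:], cv)
    step1 = toy_encrypt(v_left, key_half)
    step2 = toy_decrypt(v_right, step1)
    return toy_encrypt(v_left, step2)

def unwrap_half(kek: bytes, cv: bytes, wrapped: bytes) -> bytes:
    """Inverse of wrap_half; recovers the key half only if cv matches."""
    v_left, v_right = xor(kek[:8], cv), xor(kek[8:], cv)
    return toy_decrypt(v_left, toy_encrypt(v_right, toy_decrypt(v_left, wrapped)))

def wrap_key(kek: bytes, cv_l: bytes, cv_r: bytes, key: bytes) -> bytes:
    """Wrap a double-length key: each half gets its own control vector."""
    return wrap_half(kek, cv_l, key[:8]) + wrap_half(kek, cv_r, key[8:])

# Constructed sample values (placeholders, not entries from Appendix B).
KEK = bytes.fromhex("0123456789abcdeffedcba9876543210")
CV_TYPE_A_L = bytes.fromhex("1111111111111111")
CV_TYPE_A_R = bytes.fromhex("2222222222222222")
CV_TYPE_B_L = bytes.fromhex("3333333333333333")
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    blob = wrap_key(KEK, CV_TYPE_A_L, CV_TYPE_A_R, KEY)
    print("same CV :", unwrap_half(KEK, CV_TYPE_A_L, blob[:8]).hex())
    print("other CV:", unwrap_half(KEK, CV_TYPE_B_L, blob[:8]).hex())
```

Unwrapping with the control vector of a different key type yields an unrelated value, which is how the variant scheme enforces key separation. When both halves of the key-encrypting key are identical, steps 1 and 2 cancel and the result equals a single encipherment under the variant.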





Copyright IBM Corporation 1990, 2014