Transport keys protect a key that is sent to another system, received from another system, or stored with data in a file. Transport keys can be either AES or DES keys.

These transport keys support the Common Cryptographic Architecture:

Exporter Key-encrypting Key

An exporter key-encrypting key protects keys that are sent from your system to another system. The exporter key at the originator has the same clear value as the importer key at the receiver. An exporter key is paired with an importer key-encrypting key. OKEYXLAT keys are a particular form of DES exporter key-encrypting keys.

Importer Key-encrypting Key

An importer key-encrypting key protects keys that are sent from another system to your system. It also protects keys that you store externally in a file that you can import to your system later. The importer key at the receiver has the same clear value as the exporter key at the originator. An importer key is paired with an exporter key-encrypting key. IKEYXLAT keys are a particular form of DES importer key-encrypting keys.

For a specific pair of transport keys, the importer key-encrypting key and the exporter key-encrypting key have the same clear value. However, each key is protected by the master key variant for its key type.

ICSF provides this transport key type to support the ANSI X9.17 standard.

ANSI Key-encrypting Key

An importer and exporter key-encrypting key that is used in the ANSI key management callable services. ANSI key-encrypting keys (AKEKs) are bidirectional and are either single- or double-length keys.

Restriction: ANSI keys are only supported on the IBM zSeries 900.