ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Why are the Advanced Encryption Standard (AES) keys stored in "clear" form in the ICSF CKDS dataset instead of being in the "protect" form? In other words what AES strength is the encryption module when specifying ENCRYPT=ICSF?

book

Article ID: 32914

calendar_today

Updated On:

Products

Deliver View

Issue/Introduction

Question: 

Why are the Advanced Encryption Standard (AES) keys stored in "clear" form in the ICSF CKDS dataset instead of being in the "protect" form? In other words what AES strength is the encryption module when specifying ENCRYPT=ICSF? 

 

Answer:

  • We use 56-bit AES keys.  Clear AES keys are the only method that ICF supports. 
  • CA View also uses a cypher chain with encryption and decryption, the use of the AES key itself is not sufficient to render readable data.

This is from the z/OS Crypto Application Programmers Guide: 

"The Symmetric Key Encipher and Symmetric Key Decipher callable services are used to encipher and decipher data in an address space or a data space using the cipher block chaining and electronic code book modes. The Advanced Encryption Standard (AES) and DES (Data Encryption Standard) are supported. AES encryption uses a 128-, 192- or 256-bit key. Only clear keys will be supported. The AES encryption is subject to the same availability restrictions as triple-DES encryption."

 

 

Additional Information:

As always, please contact CA Technologies support for CA View/Deliver if you have further questions. 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Environment

Release: OUTDTI00200-12.1-Deliver-Output Management-Interface for Native TSO
Component:
Powered by Wolken Software