Question:
Why are the Advanced Encryption Standard (AES) keys stored in "clear" form in the ICSF CKDS dataset instead of being in the "protect" form? In other words what AES strength is the encryption module when specifying ENCRYPT=ICSF?
Answer:
This is from the z/OS Crypto Application Programmers Guide:
"The Symmetric Key Encipher and Symmetric Key Decipher callable services are used to encipher and decipher data in an address space or a data space using the cipher block chaining and electronic code book modes. The Advanced Encryption Standard (AES) and DES (Data Encryption Standard) are supported. AES encryption uses a 128-, 192- or 256-bit key. Only clear keys will be supported. The AES encryption is subject to the same availability restrictions as triple-DES encryption."
Additional Information:
As always, please contact CA Technologies support for CA View/Deliver if you have further questions.