Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
What is DES and AES? z/OS DFSMSdss Storage Administration SC23-6868-01 |
|
To manage cryptographic keys for encrypted data, DFSMSdss uses IBM® Cryptographic Services Facility
(ICSF), which supports the following cryptographic standards and architectures:
With DES, two parties share secret keys that are used to protect data and keys that are exchanged on the network. The sharing of secret keys establishes a secure communications channel. The only way to protect the security of the data in a shared secret key cryptographic system is to protect the secrecy of the secret key. ICSF also supports triple DES encryption for data privacy. TDES triple-length keys use three, single-length keys to encipher and decipher the data. This results in a stronger form of cryptography than that available with single DES encipher. With AES, data can be encrypted and decrypted using 128-bit, 192-bit, and 256-bit clear keys. CBC and ECB encryption are also supported. For public key cryptography, ICSF supports both the Rivest-Shamir-Adelman (RSA) algorithm 1, and the NIST Digital Signature Standard (DSS) algorithm. RSA and DSS are the most widely used public key encryption algorithms. In this system, each party establishes a pair of cryptographic keys, which includes a public key and a private key. Both parties publish their public keys in a reliable information source, and maintain their private keys in secure storage. |
Copyright IBM Corporation 1990, 2014
|