Data-encrypting keys

Data-encrypting keys are used to encrypt and decrypt data.

DATA class keys can be either encrypted under the master key or in the clear. CIPHER class are encrypted under the master key.

Table 1. DES data-encrypting keys
DES keys Callable services
DATA class (data operation keys):
  • These key are used to encrypt and decrypt data.
  • Single-length keys can be used to generate and verify MACs and CVVs.
  • DATA keys can be single-length, double-length, or triple-length.
  • DATAM and DATAMV keys are double-length.
  • The DATA key value may be encrypted or clear. All other keys are encrypted.
DATA (encrypted) Authentication Parameter Generate, Cipher Text Translate2, CVV Key Combine, Decipher, Encipher, MAC Generate, MAC Verify, VISA CVV Generate, VISA CVV Verify
DATA (encrypted or clear) Symmetric Key Encipher, Symmetric Key Decipher
DATAM MAC Generate, MAC Verify
DATAMV MAC Verify
Cipher class (data operation keys):
  • These key are used to encrypt and decrypt data.
  • The keys can be single-length or double-length.
CIPHER Cipher Text Translate2, Decipher, Encipher
DECIPHER Cipher Text Translate2, Decipher
ENCIPHER Cipher Text Translate2, Encipher
Table 2. AES data-encrypting keys
AES keys Callable services
DATA class (data operation keys):
  • These key are used to encrypt and decrypt data.
  • Clear keys can be used to generate and verify MACs.
  • The keys can be 128, 192, or 256 bits in length.
  • The key value may be encrypted or clear.
DATA (encrypted) Cipher Text Translate2, Symmetric Algorithm Decipher, Symmetric Algorithm Encipher, Symmetric Key Decipher, Symmetric Key Encipher
DATA (clear) Symmetric Key Decipher, Symmetric Key Encipher, Symmetric MAC Generate, Symmetric MAC Verify
Cipher class (data operation keys):
  • These key are used to encrypt and decrypt data.
  • The keys can be 128, 192, or 256 bits in length.
  • The key usage flags in the associated data can be used to restrict usage to encipher only or decipher only.
CIPHER Cipher Text Translate2, Symmetric Algorithm Decipher, Symmetric Algorithm Encipher
Availability notes: AES Cipher class keys require z114, z196, or later systems with a CEX3C or later coprocessor with the September 2011 or later licensed internal code.
Parent topic: Symmetric keys