An V. Le

Common cryptographic architecture cryptographic application programming interface

Cryptography is considered by many users to be a complicated subject. An architecture for a cryptographic application programming interface simplifies customer use of cryptographic services by helping to ensure compliance with national and international standards and by providing intuitive high-level services that may be implemented on a broad range of operating systems and underlying hardware. This paper gives an overview of the design rationale of the recently announced Common Cryptographic Architecture Cryptographic Application Programming Interface and gives typical application scenarios showing methods of using the services described in the architecture to meet security requirements.

A key-management scheme based on control vectors

This paper presents a cryptographic key-management scheme based on control vectors. This is a new concept that permits cryptographic keys belonging to a cryptographic system to be easily, securely, and efficiently controlled. The new key-management scheme—built on the cryptographic architecture and key management implemented in a prior set of IBM cryptographic products—has been implemented in the newly announced IBM Transaction Security System.

The Commercial Data Masking Facility (CDMF) data privacy algorithm

The Commercial Data Masking Facility (CDMF) algorithm defines a scrambling technique for data confidentiality that uses the Data Encryption Algorithm (DEA) as the underlying cryptographic algorithm, but weakens the overall cryptographic operation by defining a key-generation method that produces an effective 40-bit DEA key instead of the 56 bits required by the full- strength DEA. In general, products implementing the CDMF algorithm in an appropriate manner may be freely exported from the USA. The algorithm is thus intended as a drop-in replacement for the DEA in cryptographic products. Discussed in this paper are the design requirements, rationale, strength, and applications of the CDMF algorithm.

Design of the commercial data masking facility data privacy algorithm

This paper presents the details of the new Commercial Data Masking Facility (CDMF) data privacy algorithm1. When implemented appropriately, products containing the CDMF algorithm can, in general, be freely exported from the United States. A short discussion of the requirements and rationale of the new algorithm is given. This paper is an abbreviated version of a paper scheduled to be published in the March 1994 issue of the IBM Journal of Research and Development. The full paper will include a more extensive discussion of the requirements and rationale as well as a discussion of its strength under various threat scenarios and testcases to help ensure a correct implementation.

A public key extension to the common Cryptographic Architecture

A new method for extending the IBM Common Cryptographic Architecture (CCA) to include public key cryptography is presented. The public key extension provides nonrepudiation via digital signatures and an electronic means to distribute Data Encryption Algorithm (DEA) key-encrypting keys in a hybrid Data Encryption Algorithm. Public Key Algorithm (DEA-PKA) cryptographic system. The improvements are based on a novel method for extending the control vector concept used in the IBM Common Cryptographic Architecture. Four new key types that separate the public and private key pairs into four classes according to their broad uses within the cryptographic system are defined. The public key extension to the CCA is implemented in the IBM Transaction Security System (TSS). This paper discusses both the public key extension to the CCA and the TSS implementation of this architectural extension.