IBM Crypto Education Community

On the mainframe, I need to apply JSON web encryption on plaintext. The encryption of the plaintext is not an issue, but I need to :

1. Generate a random Content Encryption Key (CEK)
   --> this has to be a symmetric key
2. My plaintext has to be encrypted using this CEK and an Initialization Vector (IV); a "Tag" (HMAC) has to be created.
   --> this is not the issue
3. The generated CEK must be encrypted using
   1. a previously obtained Encryption Shared Secret
   2. a Initialization Vector (different from the one used for the encryption of my plaintext)

as result of this encryption, I must obtain

1. the encrypted key (of course)
2. the "Tag" (which is a HMAC)

The encrypted key has to be sent  to an external party

Can someone tell me which Services can be used for this scenario ?

Hi Rudi,

Are you using CCA or EP11?
 

Sorry, cryptography is new to me ...
Is EP11 the same as PKCS#11 ? As far as I understood, CCA allows you to get the clear key, while PKCS (EP11 ?) is more severe.
I suppose it has to be CCA.

In the mean time I did receive a proposition:

1. csnbrngl : generate a random CEK (clear key)
2. csnbckm : import the clear key (to get an operational key, allowing us to encrypt data)
3. csnbrngl : generate an Initialization Vector, to be used for the encryption of the CEK
4. csnbkrr: load the Key encrypting key
5. csnbsye : encrypt th CEK
   1. use the CEK (from point 1) as cleartext
   2. use the IV (from point 3) as Initialization Vector
   3. use the KeyEncryptingKey (from point 4) as the key
   4. after the encryption, the cipher_text contains the encrypted CEK
   5. after the encyption, the key_parms contains the tag (HMAC)

Is this a valid proposition ?

Rudi, I need to correct your ideas about CCA and EP11:

> As far as I understood, CCA allows you to get the clear key, while PKCS (EP11 ?) is more severe.

Both CCA and EP11 are what we call "Secure Key" architectures.  That means that they both keep your keys very secure, and never expose cleartext keys.  CCA has no function that will ever provide the cleartext value of a key.

The main difference between CCA and EP11 is the intended use.  EP11 is an implementation of the general-purpose PKCS#11 API.  It is particularly useful when working with "generic" applications that are written to use that API and to be portable between different kinds of computer systems and cryptographic providers.  CCA also supports a full set of general-purpose cryptographic functions, but it is designed with a focus on the many special needs of cryptography in the banking and payments industries.  There are many functions that are required in that area which cannot be done with a generic API like PKCS#11.

Rudi,
I tested your proposal and it worked for me. Step 4 CSNBKRR is not necessary.  You can specify the key label as the key_identifier in CSNBSYE.  In fact, encrypted keys must be specified by key label for this service.  There is some SAF setup required prior to using CSNBSYE.  Please see "Enabling use of encrypted keys in callable services that exploit CPACF" in the z/OS ICSF Administrator's Guide.

EChan, Todd,

Thanks for your feedback !