Hello Folks,
I was wondering if we have some best practices documented about initialization vectors when it comes to their generation, storage and transmission. I have been going through various forums on encryption, but not many offer a lot of information about IVs and none about the z/OS platform.
Some of the questions I have been trying to find answers for are:
1. How can we generate an IV in a COBOL program?
We could use the ICSF Random Number Generate callable service CSNBRNGL to generate a random number of our preferred length. We could also use the COBOL intrinsic function RANDOM or the z/OS LE CEERAN0 callable service. Is the first method preferred over the second and third? Are there other IBM recommended solutions?
2. How do we store an IV if it is used to encrypt a data set which resides on z/OS?
3. How do I store the IV for a field I encrypted on a DL/1 database? (I assume DL/1 databases do not offer any field-level encryption like the DB2 column-level encryption functions.)
4. How do I transmit the IV to another system (on z/OS or distributed)?
General opinion is that IVs can be transmitted in cleartext along with the ciphertext. Is this what IBM recommends too?
I was wondering if you all can share the best practices when it comes to initialization vectors here, and probably we can make it into a wiki later?
Regards,
Deepak
Deepak.Paul.John
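
Added example, not part of the original post and not IBM guidance: a Python illustration of the convention raised in question 4, where the IV travels in cleartext in front of the ciphertext. The record layout, the HMAC tag covering IV and ciphertext, and all function names are assumptions made for illustration; the ciphertext is a constructed stand-in for the output of whatever encryption service is used.

```python
import hashlib
import hmac
import secrets
import struct

IV_LEN = 16                     # assumption: 16-byte IV (AES block size)
TAG_LEN = 32                    # HMAC-SHA-256 output length
HEADER = struct.Struct(">BB")   # hypothetical header: format version, IV length
VERSION = 1


def new_iv() -> bytes:
    """Draw a fresh IV from the OS CSPRNG, not from a seeded general-purpose PRNG."""
    return secrets.token_bytes(IV_LEN)


def frame(mac_key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Build version | iv_len | IV | ciphertext | tag. The IV is not secret."""
    body = HEADER.pack(VERSION, len(iv)) + iv + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def unframe(mac_key: bytes, record: bytes):
    """Verify the tag first, then return (iv, ciphertext); ValueError on any defect."""
    if len(record) < HEADER.size + TAG_LEN:
        raise ValueError("record too short")
    body, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("authentication failed")
    version, iv_len = HEADER.unpack_from(body)
    if version != VERSION or iv_len != IV_LEN or len(body) < HEADER.size + iv_len:
        raise ValueError("unsupported header")
    iv = body[HEADER.size:HEADER.size + iv_len]
    return iv, body[HEADER.size + iv_len:]


if __name__ == "__main__":
    mac_key = secrets.token_bytes(32)   # constructed key, kept separate from the cipher key
    ciphertext = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed stand-in
    record = frame(mac_key, new_iv(), ciphertext)
    iv, ct = unframe(mac_key, record)
    print(len(record), iv.hex(), ct == ciphertext)
```

The tag is there because a cleartext IV is only safe if it cannot be altered unnoticed: in CBC mode, changing a bit of the IV changes the same bit of the first decrypted block.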