CCA key wrapping using a new Cipher-Block Chaining (CBC) mode: Electronic Code Book (ECB) mode wrapping was previously the norm. Enhanced key wrapping via the more secure CBC mode helps applications comply with current cryptographic standards that require key bundling. ECB and CBC mode key wrapping can coexist, letting existing applications adopt the new CBC mode without sacrificing legacy data.
ECC (elliptic curve cryptography) support: As algorithms age and computing power increases, the viability of current cryptography and the security of its algorithms must be re-evaluated continually. It is clear there soon will be a need for ECC. This support begins with the ability to perform key generation and digital signature generation and verification using the Elliptic Curve Digital Signature Algorithm (ECDSA). Digital signatures are commonly used to verify that a piece of data wasn’t changed between the time it was signed and the time it was used. Financial institutions do this to ensure a banking transaction initiated by a known customer wasn’t tampered with and can be trusted. Ensuring that a customer has chosen to transfer $10 as opposed to $10,000 is critical to the financial institution’s reputation. The addition of this new algorithm also requires a new Public Key Algorithm (PKA) key token for storing ECC public-key cryptographic keys and a new Asymmetric PKA (APKA) master key, a 32-byte key that complies with the Advanced Encryption Standard (AES), for wrapping an ECC key token. Extended support was also needed for the Master Key Process (CSNBMKP) verb.
HMAC expansion: With CCA 4.1, these verbs were added to enhance key generation and processing:
- The HMAC Generate (CSNBHMG) verb generates a keyed HMAC for the text string provided as input to this verb.
- The HMAC Verify (CSNBHMV) verb verifies a keyed HMAC for the text string provided as input to this verb.
- The Key Generate2 (CSNBKGN2) verb is used to generate one or two HMAC keys. These keys are returned encrypted only, never in the clear. This verb returns a CCA key token.
- The Key Part Import2 (CSNBKPI2) verb is used to enter and combine one or more clear key parts and return a complete key value. The key can be in a variable-length internal key token or stored in a key file.
- The Key Test2 (CSNBKYT2) verb is used to generate or verify a secure cryptographic verification pattern for keys contained in a key token.
- The Key Token Build2 (CSNBKTB2) verb can build a variable-length key token for all supported key types, including HMAC keys. The key token can be used as input to the Key Generate2, Key Part Import2, and Key Test2 verbs.
- The Key Token Change2 (CSNBKTC2) verb is needed to re-encipher a variable-length HMAC key from encryption under an old master key to encryption under a current (new) master key. When master keys are changed as part of the enterprise security policy, it’s necessary to re-encipher HMAC keys under the new master key within the boundaries of the physically secure hardware.
- The Key Translate2 (CSNBKTR2) verb is used to move an HMAC key from encryption under one key to encryption under another key. This verb uses one key-encrypting key to decipher an input HMAC key in the secure hardware environment, then enciphers the HMAC key using a different key-encrypting key—producing an output key, never letting the clear HMAC key leave the secure boundary of the hardware. Only the encrypted input and output HMAC keys are available outside the hardware.
- The Restrict Key Attribute (CSNBRKA) verb is used to modify an exportable internal or external variable-length HMAC key token so its key can no longer be exported.
- The Symmetric Key Import2 (CSNDSYI2) verb is used to import an HMAC key that has been previously formatted and enciphered under an RSA public key by the Symmetric Key Export (CSNDSYX) verb and is contained in an external variable-length symmetric key token. The recovered HMAC key is re-enciphered in the physically secure crypto hardware under the AES master key and returned in an internal variable-length symmetric key token.
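To make the ECB versus CBC key-wrapping item above concrete, the following added example (not IBM's code and not the CCA wrapping algorithm) wraps a two-part key both ways and shows which wrapped parts depend on each other. The block cipher is a toy Feistel stand-in built on HMAC-SHA256, and the all-zero IV, function names and sample values are assumptions made for the illustration.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit blocks; a double-length key is two such parts

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(kek, block):
    # Toy 4-round Feistel cipher built on HMAC-SHA256 (stand-in, NOT DES/AES)
    left, right = block[:4], block[4:]
    for i in range(4):
        f = hmac.new(kek, bytes([i]) + right, hashlib.sha256).digest()[:4]
        left, right = right, _xor(left, f)
    return left + right

def parts(blob):
    return [blob[i:i + BLOCK] for i in range(0, len(blob), BLOCK)]

def wrap_ecb(kek, key):
    # ECB: every key part is enciphered independently of the others
    return b"".join(encrypt_block(kek, p) for p in parts(key))

def wrap_cbc(kek, key, iv=bytes(BLOCK)):
    # CBC: each part is XORed with the previous ciphertext block first,
    # so later parts depend on earlier ones (all-zero IV is an assumption)
    out, prev = [], iv
    for p in parts(key):
        prev = encrypt_block(kek, _xor(p, prev))
        out.append(prev)
    return b"".join(out)

def unchanged_parts(wrap, kek, key_a, key_b):
    # Per part: did the wrapped value stay the same between key_a and key_b?
    return [a == b for a, b in zip(parts(wrap(kek, key_a)), parts(wrap(kek, key_b)))]

# Constructed sample values (not real keys)
KEK = bytes(range(16))
KEY_A = bytes.fromhex("0123456789abcdef" "fedcba9876543210")
KEY_B = bytes.fromhex("1111111111111111" "fedcba9876543210")  # only left part differs
REPEATED = bytes.fromhex("0123456789abcdef" * 2)  # both parts identical

if __name__ == "__main__":
    print("ECB unchanged:", unchanged_parts(wrap_ecb, KEK, KEY_A, KEY_B))
    print("CBC unchanged:", unchanged_parts(wrap_cbc, KEK, KEY_A, KEY_B))
    e, c = parts(wrap_ecb(KEK, REPEATED)), parts(wrap_cbc(KEK, REPEATED))
    print("ECB repeated parts visible:", e[0] == e[1])
    print("CBC repeated parts visible:", c[0] == c[1])
```

Under ECB the wrapped right part is identical for both keys and a key with two equal parts wraps to two equal blocks; under CBC neither holds, which is the binding between key parts that the bundling requirement is about.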
The Future With ECC
The ECC algorithm is a public key cryptographic approach similar in use to the RSA algorithm. (RSA stands for Rivest, Shamir and Adleman, who first publicly described it.) This new approach uses the algebraic structure of elliptic curves over finite fields. Several protocols were adapted to use elliptic curves, and in this release of the CCA host library, the ECDSA was implemented and can be used for digital signature solutions. From the list of curves available, IBM chose to support the Brainpool and Prime curves.
ECC has been gaining momentum recently and has been recognized internationally by financial institutions as the follow-on to the currently pervasive RSA algorithm. These organizations have been marching toward a timeline when all public key solutions must be switched over to ECC. This process will take years, so it was important that the ECC capability was provided in a timely fashion to ensure a smooth, seamless transition. In the U.S., the National Security Agency (NSA) developed Suite B, a group of algorithms it deems worthy to protect our national secrets. Suite B mandates ECC for digital signature generation and key exchange. With that in mind, it’s time to start thinking about ECC and to develop a plan for exploiting this new algorithm with new applications. Depending on a client’s security policy or the security requirements for their data and/or process, the client should consider migrating current solutions from their existing RSA implementation to ECC.
The CCA host library provides several exciting new enhancements. Whether the requirement is for support of sophisticated ECC, extensions to HMAC, or the new CBC mode key wrapping, options are now available to new or existing applications deployed on Linux on System z. With this new support, the host library available to Linux on System z takes another step closer to supporting the robust set of functions available to z/OS applications via ICSF.
The CCA host library can be located by selecting the Software Downloads tab at www.ibm.com/security/cryptocards/pciecc/overview.shtml. There’s no charge for the CCA host library for Linux on System z. The documentation mentioned is an in-depth source of information for getting started and creating both C and Java-based applications to meet the demanding cryptographic needs of today’s secure key solutions.