A new method for extending the IBM Common Cryptographic Architecture (CCA) to include public key cryptography is presented. The public key extension provides nonrepudiation via digital signatures and an electronic means to distribute Data Encryption Algorithm (DEA) key-encrypting keys in a hybrid Data Encryption Algorithm-Public Key Algorithm (DEA-PKA) cryptographic system. The improvements are based on a novel method for extending the control vector concept used in the IBM Common Cryptographic Architecture. Four new key types that separate the public and private key pairs into four classes according to their broad uses within the cryptographic system are defined. The public key extension to the CCA is implemented in the IBM Transaction Security System (TSS). This paper discusses both the public key extension to the CCA and the TSS implementation of this architectural extension.
Note: The Institute of Electrical and Electronics Engineers, Incorporated is distributing this Article with permission of the International Business Machines Corporation (IBM) who is the exclusive owner. The recipient of this Article may not assign, sublicense, lease, rent or otherwise transfer, reproduce, prepare derivative works, publicly display or perform, or distribute the Article.