I've finally discovered how to do it ! With this verb I can encrypt the text
using a clear single length DES key without the need to create/import a token:
/* Symmetric Key Encipher - CSNBSYE */
call csnbsye(return_code,
reason_code,
exit_data_length,
exit_data,
rule_array_count, /* 1 */
rule_array, /* 'DES' */
des_key_l, /* DES key length */
des_key, /* DES key */
key_parms_l, /* ignored */
' ', /* key parms */
block_size, /* 8 */
initialization_vector_l, /* 8 */
initialization_vector, /* binary zeros */
chain_data_length, /* 16 */
chain_data, /* binary zeros */
text_length, /* plain text length */
clear_text, /* plaintext */
cipher_text_length, /* ciphertext length */
cipher_text); /* ciphertext */
I've tested it and it works OK.
The DES key is only in the clear for a minimal amount of time. It is received
encrypted using RSA. It is decrypted using a private key. It is then used to
DES encrypt the response and immediately discarded. There are only a handful of
instructions between its decryption and its being discarded. There is no
intervening I/O.
Regards,
John.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
