Abstract
A data processing system includes a number of applications, each of which has a cryptographic support facility (CSF) for securely managing cryptographic keys and performing cryptographic operations on behalf of the application. Each key has a 2-byte tag which is enciphered along with the key whenever the key is made available outside the CSF, to prevent unauthorized modification of the tag. Each tag indicates whether the key may be used as a basis for deriving data protection keys, whether keys derived from this key should be subject to cryptographic control policies, and whether the key should be subject to cryptographic control policies prior to use. Whenever the CSF is invoked to use a key, it enforces any restrictions imposed by the associated tag.
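A minimal sketch of the tag mechanism described above, added here as an illustration and not taken from the patent. The tag bit layout, the names `CSF`, `export`, `derive_data_key` and `policy_ok`, and the HMAC-SHA256 stand-in cipher with a MAC are all assumptions; the abstract says only that the tag is enciphered together with the key.

```python
import hashlib, hmac, secrets

# Assumed bit layout: the abstract names three tag properties, not their encoding.
DERIVE_BASE       = 0x0001  # may be used as a basis for deriving data protection keys
POLICY_ON_DERIVED = 0x0002  # keys derived from this key are subject to control policies
POLICY_BEFORE_USE = 0x0004  # this key is subject to control policies prior to use

class TagViolation(Exception):
    pass

class CSF:
    def __init__(self):
        self._master = secrets.token_bytes(32)  # wrapping key, never leaves the CSF

    def _prf(self, label, data):
        return hmac.new(self._master, label + data, hashlib.sha256).digest()

    def _xor_stream(self, nonce, data):
        # Stand-in cipher (assumption): HMAC-SHA256 keystream in counter mode.
        blocks = range(len(data) // 32 + 1)
        ks = b"".join(self._prf(b"enc", nonce + i.to_bytes(4, "big")) for i in blocks)
        return bytes(a ^ b for a, b in zip(data, ks))

    def export(self, key, tag):
        """Wrap tag||key so both travel together outside the CSF."""
        nonce = secrets.token_bytes(16)
        ct = self._xor_stream(nonce, tag.to_bytes(2, "big") + key)
        # A stream cipher alone is malleable (tag bits could be flipped), so add a MAC.
        return nonce + ct + self._prf(b"mac", nonce + ct)

    def _unwrap(self, blob):
        nonce, ct, mac = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(mac, self._prf(b"mac", nonce + ct)):
            raise TagViolation("wrapped key or tag was modified outside the CSF")
        plain = self._xor_stream(nonce, ct)
        return int.from_bytes(plain[:2], "big"), plain[2:]

    def derive_data_key(self, blob, context, policy_ok=lambda tag: True):
        """Enforce the tag, then derive a data protection key (returned wrapped)."""
        tag, key = self._unwrap(blob)
        if not tag & DERIVE_BASE:
            raise TagViolation("key is not tagged as a derivation base")
        if tag & POLICY_BEFORE_USE and not policy_ok(tag):
            raise TagViolation("control policy rejected use of this key")
        child = hmac.new(key, context, hashlib.sha256).digest()
        # Assumption: a child of a POLICY_ON_DERIVED key is itself policy-checked on use.
        return self.export(child, POLICY_BEFORE_USE if tag & POLICY_ON_DERIVED else 0)
```

The point to take from the sketch is that the restriction check happens inside the CSF on the unwrapped tag, so a caller holding only the wrapped blob cannot grant itself a capability by editing bytes.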