Encryption Terminology
Listed below are the primary encryption terms used throughout this manual.
| Term | Definition |
| --- | --- |
| AES | AES is the abbreviation for Advanced Encryption Standard. AES is an encryption algorithm that uses symmetric keys. It provides strong protection and is approved by the U.S. Government for protecting sensitive information. See http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf for more information on the AES encryption standard. |
| AES128 | AES encryption using a key length of 128 bits. |
| AES192 | AES encryption using a key length of 192 bits. |
| AES256 | AES encryption using a key length of 256 bits. |
| Algorithm | A mathematical process used to scramble (encrypt) data. |
| Data Encryption Key (DEK) | A symmetric key used to encrypt and decrypt data. |
| CBC mode | CBC is the abbreviation for Cipher-Block Chaining. CBC mode is available in the AES and TDES algorithms. With CBC mode, you can alter the encryption result by supplying an Initialization Vector (IV) value: each block of Plain Text is combined with the previous block of Cipher Text (the IV for the first block) before it is encrypted. Therefore, the same input Plain Text and Key can produce different output Cipher Text values, depending on the IV supplied. |
| Cipher | A pair of algorithms (mathematical processes) used to encrypt and decrypt data. |
| Cipher Text | The unintelligible (encrypted) text value generated (output) by an encryption algorithm. |
| Cryptology | The art and science of keeping data secret. |
| CUSP mode | CUSP is the abbreviation for Cryptographic Unit Support Program. CUSP mode is available in the AES algorithm. CUSP mode is a special type of CBC mode documented in the z/OS ICSF Application Programmer's Guide (SA22-7522). It is used for handling data whose length is not a multiple of the block length: the length of the output Cipher Text in CUSP mode always equals the length of the input Plain Text. As in CBC mode, you can alter the encryption result by supplying an Initialization Vector (IV) value, so the same input Plain Text and Key can produce different output Cipher Text values, depending on the IV supplied. |
| Decryption | The process of converting Cipher Text (unintelligible code) into Plain Text (readable information). |
| ECB mode | ECB is the abbreviation for Electronic Codebook mode. ECB mode is available in the AES and TDES algorithms. You cannot use an Initialization Vector (IV) with ECB mode, so the same input Plain Text and Key will always produce the same output Cipher Text value. |
| Encryption | The process of converting Plain Text (readable information) into Cipher Text (unintelligible code). |
| Hash | An algorithm for calculating a value from a block of data. If the data changes in any way, the recalculated hash value will not match the original one. A hash therefore protects the integrity of data. |
| Initialization Vector (IV) | An additional value that can be supplied to alter the encryption result. In other words, the same input Plain Text and Key can produce different output Cipher Text values, depending on the IV supplied. This is especially useful for ensuring the security of small encrypted values. |
| Key | The information that controls the detailed operation of the Cipher. In contrast to human-generated passwords, Keys are more secure because they are computer-generated and are represented as an obscure series of bits (1001110…). |
| Key Store | An object used to organize and store one or more keys. |
| Master Encryption Key (MEK) | A key used to protect (encrypt) other keys. |
| Passphrase | Alternative name for password. A string of characters (entered by the user or supplied by a program) that can be used to create a Key. |
| Plain Text | The readable (unencrypted) text value: the input to an encryption algorithm and the output of a decryption algorithm. |
| Symmetric Key | A single key used both to encrypt and to decrypt data. The key must be kept secret, or the security of the data is compromised. |
| TDES | TDES is the abbreviation for Triple DES (Data Encryption Standard). TDES is an encryption algorithm that uses symmetric keys. TDES is slowly disappearing from use because AES is up to 6 times faster and offers higher protection than TDES. |
| Tokenization | Tokenization is the process of replacing sensitive data with unique identification numbers (tokens) and storing the original data on a central server, typically in encrypted form. |
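The CBC mode, ECB mode and Initialization Vector entries above describe behaviour that is easy to observe in code. The following is an added example written for this glossary, not code from the manual or from the product it describes. It uses Go's standard `crypto/aes` and `crypto/cipher` packages; the key and the two IVs are constructed demo values for illustration only, not real keys, and ECB mode is built by encrypting each block independently because Go provides no ECB helper.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Constructed demo values for illustration only. A real DEK would come from a
// Key Store and a real IV from a cryptographic random generator, never from source code.
var (
	demoKey = []byte("0123456789abcdef") // 16 bytes: an AES128 key
	demoIV1 = []byte("IV-number-one-01") // 16 bytes: one Initialization Vector
	demoIV2 = []byte("IV-number-two-02") // 16 bytes: a different Initialization Vector
)

// ecbEncrypt applies the block cipher to each 16-byte block on its own.
// No IV is involved, so equal Plain Text blocks always give equal Cipher Text blocks.
func ecbEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, errors.New("ECB mode needs Plain Text that is a multiple of the 16-byte block length")
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out, nil
}

// cbcEncrypt chains the blocks: each Plain Text block is XORed with the previous
// Cipher Text block (the IV for the first block) before it is encrypted, so the
// output depends on the IV and equal Plain Text blocks no longer repeat.
func cbcEncrypt(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(iv) != aes.BlockSize {
		return nil, errors.New("IV must be exactly one block (16 bytes) long")
	}
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, errors.New("CBC mode needs Plain Text that is a multiple of the 16-byte block length")
	}
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out, nil
}

// cbcDecrypt reverses cbcEncrypt; the same Key and the same IV are required.
func cbcDecrypt(key, iv, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(iv) != aes.BlockSize || len(ciphertext)%aes.BlockSize != 0 {
		return nil, errors.New("IV must be 16 bytes and Cipher Text a multiple of 16 bytes")
	}
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ciphertext)
	return out, nil
}

// blocksRepeat reports whether any two 16-byte blocks of data are identical,
// which is the pattern leak that ECB mode exhibits and CBC mode avoids.
func blocksRepeat(data []byte) bool {
	seen := make(map[string]bool)
	for i := 0; i+aes.BlockSize <= len(data); i += aes.BlockSize {
		b := string(data[i : i+aes.BlockSize])
		if seen[b] {
			return true
		}
		seen[b] = true
	}
	return false
}

func main() {
	// Three identical 16-byte blocks: the worst case for ECB mode.
	plaintext := bytes.Repeat([]byte("SAME BLOCK TEXT!"), 3)

	ecb, _ := ecbEncrypt(demoKey, plaintext)
	cbc1, _ := cbcEncrypt(demoKey, demoIV1, plaintext)
	cbc2, _ := cbcEncrypt(demoKey, demoIV2, plaintext)

	fmt.Printf("ECB:       %x\n  repeating blocks: %v\n", ecb, blocksRepeat(ecb))
	fmt.Printf("CBC (IV1): %x\n  repeating blocks: %v\n", cbc1, blocksRepeat(cbc1))
	fmt.Printf("CBC (IV2): %x\n  identical to IV1 output: %v\n", cbc2, bytes.Equal(cbc1, cbc2))

	back, _ := cbcDecrypt(demoKey, demoIV1, cbc1)
	fmt.Printf("CBC decrypt with IV1 restores Plain Text: %v\n", bytes.Equal(back, plaintext))
}
```

Running it prints the ECB output as three identical 16-byte blocks, while both CBC outputs have no repeated blocks and differ from each other solely because of the IV. Note that plain CBC, like ECB, only accepts Plain Text that is a multiple of the block length; the CUSP mode described above exists precisely to handle other lengths, and this example does not implement it because the manual defers its definition to the ICSF guide.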