Changes made in z/OS Version 1 Release 12

This document contains information previously presented in z/OS ICSF System Programmer's Guide, SA22-7520-14, which supports z/OS Version 1 Release 11.

This document is for ICSF FMID HCR7780. This release runs on z/OS V1R10, z/OS V1R11, and z/OS V1R12 and only on zSeries hardware.

New information

Added support for IBM zEnterprise 196 (z196) servers.
Added support for Elliptic Curve Cryptography (ECC).
Added information on HMAC key support. HMAC key support is to be enabled with the PTF for APAR OA33260, planned for February 2011 availability.
To accommodate HMAC keys, added a new variable length record format for the CKDS. The variable length record format is only required if HMAC keys are to be stored in the CKDS. The variable length record format can be used to store all existing symmetric keys and the new HMAC keys. Added a CKDS conversion program, CSFCNV2, that converts a fixed length record format CKDS to a variable length record format.
Added a new, X9.24 compliant CBC wrapping method for DES keys. Added a new installation option, DEFAULTWRAP, to indicate whether the original CAA token wrapping method or the new CBC wrapping method should be used by default.
Added new SMF type 82 subtype 29 - TKE Workstation Audit Record

Changed information

Changed SMF records to include an auditing header, and audit sections for server user and end user. Modified:
- SMF type 82 subtype 1 - Initialization
- SMF type 82 subtype 14 - Cryptographic Coprocessor Clear Master Key Entry
Modified the Cryptographic Communication Vector Table (CCVT) and the Cryptographic Communication Vector Table Extension (CCVE)