This document contains information previously presented in z/OS ICSF System Programmer's Guide, SA22-7520-14,
which supports z/OS Version 1 Release 11.
This document is for ICSF FMID HCR7780. This release runs on z/OS
V1R10, z/OS V1R11, and z/OS V1R12 and only on zSeries hardware.
New information
- Added support for IBM zEnterprise 196 (z196) servers.
- Added support for Elliptic Curve Cryptography (ECC).
- Added information on HMAC key support. HMAC key support is to
be enabled with the PTF for APAR OA33260, planned for February 2011
availability.
To accommodate HMAC keys, added a new variable length
record format for the CKDS. The variable length record format is only
required if HMAC keys are to be stored in the CKDS. The variable length
record format can be used to store all existing symmetric keys and
the new HMAC keys. Added a CKDS conversion program, CSFCNV2, that
converts a fixed length record format CKDS to a variable length record
format.
- Added a new, X9.24 compliant CBC wrapping method for DES keys.
Added a new installation option, DEFAULTWRAP, to indicate whether
the original CAA token wrapping method or the new CBC wrapping method
should be used by default.
- Added new SMF type 82 subtype 29 - TKE Workstation Audit
Record
Changed information
- Changed SMF records to include an auditing header, and audit sections
for server user and end user. Modified:
- SMF type 82 subtype 1 - Initialization
- SMF type 82 subtype 14 - Cryptographic Coprocessor Clear Master
Key Entry
- Modified the Cryptographic Communication Vector Table (CCVT) and
the Cryptographic Communication Vector Table Extension (CCVE)
|