z/OS Cryptographic Services ICSF System Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Changes made in z/OS Version 1 Release 11

z/OS Cryptographic Services ICSF System Programmer's Guide
SA22-7520-17

This document contains information previously presented in z/OS ICSF System Programmer's Guide, SA22-7520-13, which supports z/OS Version 1 Release 10.

This document is for ICSF FMID HCR7770. This release runs on z/OS V1R9, z/OS V1R10, and z/OS V1R11 and only on zSeries hardware.

New information
  • Added information for Crypto Express3 feature (CEX3C and CEX3A)
  • Added new installation option FIPSMODE.
  • Added support for new callable services:
    • Added new callable service PKA Key Translate (CSNDPKT and CSNFPKT). Using this callable service, applications can translate a source CCA RSA key token into a target external smart card key token.
    • Added new callable services for managing PKCS #11 tokens and objects. These additional services are:
      • PKCS #11 Derive key (CSFPDVK)
      • PKCS #11 Derive multiple keys (CSFPDMK)
      • PKCS #11 Generate HMAC (CSFPHMG)
      • PKCS #11 Generate key pair (CSFPGKP)
      • PKCS #11 Generate secret key (CSFPGSK)
      • PKCS #11 One-way hash generate (CSFPOWH)
      • PKCS #11 Private key sign (CSFPPKS)
      • PKCS #11 Pseudo-random function (CSFPPRF)
      • PKCS #11 Public key verify (CSFPPKV)
      • PKCS #11 Secret key decrypt (CSFPSKD)
      • PKCS #11 Secret key encrypt (CSFPSKE)
      • PKCS #11 Unwrap key (CSFPUWK)
      • PKCS #11 Verify HMAC (CSFPHMV)
      • PKCS #11 Wrap key (CSFPWPK)
  • Added information for new SMF type 82 subtype records:
    • SMF type 82 subtype 7 - KEU Key Part Entry Section
    • SMF type 82 subtype 14 - Cryptographic Coprocessor Clear
    • SMF type 82 subtype 15 - PCI Cryptographic Coprocessor
    • SMF type 82 subtype 16 - PCI Cryptographic Coprocessor TKE
    • SMF type 82 subtype 18 - Cryptographic Coprocessor
    • SMF type 82 subtype 20 - Cryptographic Coprocessor
    • SMF type 82 subtype 27 - PKA Key Management Extensions
    • SMF type 82 subtype 28 - High Performance Encrypted Key
  • Added information for using DISPLAY GRS properly to understand ICSF key data set serialization conditions, and to detect the possible ICSF client application workload that could be impeding ongoing ICSF operation.
Changed information
  • Modified token data set (TKDS) format information
  • Modified the Cryptographic Communication Vector Table (CCVT) and the Cryptographic Communication Vector Table Extension (CCVE)
  • Modified ICSF startup procedure to support new startup program.
  • Modified the supported boundary values for the TRACEENTRY parameter in the installation options data set. The TRACEENTRY parameter now specifies a decimal value from 10000 to 500000.

This document contains terminology, maintenance, and editorial changes. Technical changes or additions to the text and illustrations are indicated by a vertical line to the left of the change.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014