z/OS Cryptographic Services ICSF System Programmer's Guide
Previous topic
| Next topic |
Contents
|
Index
|
Contact z/OS
|
Library
|
PDF
Index
z/OS Cryptographic Services ICSF System Programmer's Guide
SA22-7520-17
Numerics
A
B
C
D
E
F
G
H
I
K
L
M
N
O
P
R
S
T
U
V
W
Numerics
4753
key tokens
4753-HSP
compatibility and coexistence with ICSF
A
abends
access control checking
udx
Access Method Services Cryptographic Option
and ICSF
activity report
defining on a DD statement
description
addressing mode
no restrictions on ICSF's caller
AMS DEFINE CLUSTER command
(1)
,
(2)
,
(3)
AMS IMPORT/EXPORT commands
(1)
,
(2)
,
(3)
AMS REPRO command
(1)
,
(2)
,
(3)
AMS REPRO encryption
B
BEGIN installation option
C
callable services
ICSF
CDMF
(1)
,
(2)
changing parameters in installation options data set
specifying option keywords and values
changing the master key in compatibility or coexistence mode
CHECKAUTH installation option
choosing compatibility modes during migration
CICS
WAITLIST installation option
CICS-ICSF Attachment Facility
installing
CICS wait list
CIPHER macro
SVC description
CKDS
create
primary space required
secondary space required
CKDS (cryptographic key data set)
conversion from PCF CKDS to ICSF CKDS
creating
description
header record format
(1)
,
(2)
record format
(1)
,
(2)
,
(3)
,
(4)
,
(5)
,
(6)
,
(7)
CKDS entry retrieval installation exit
environment
input
installing
purpose and use
return codes
CKDS refresh
SMF record type 82
CKDSN installation option
CKTAUTH
clear master key part entry
SMF record type 82
coexistence, definition
coexistence mode
changing the master key
(1)
,
(2)
description
(1)
,
(2)
coexistence with 4753-HSP
COMPAT installation option
(1)
,
(2)
compatibility mode
and the Access Method Services Cryptographic Option
changing the master key
(1)
,
(2)
description
(1)
,
(2)
compatibility with 4753-HSP
COMPENC installation option
component trace
configure on/off cryptographic coprocessors
controlling access to CSFDUTIL
controlling access to secure tokens
controlling access to the callable services
controlling access to the cryptographic keys
controlling access to the key generator utility program
controlling the program environment
conversion considerations
4753-HSP to OS/390 ICSF
conversion program
activity report
bypassing entries
converting key types
data sets
including information in a key entry
installation exit
JCL for submitting
override file
running
conversion program installation exit
PCF
purpose and use
return codes
converting a PCF CKDS
Coprocessor Management panel
CP Assist for Cryptographic Functions
description
creating the CKDS
allocating space for the CKDS
reading the CKDS into storage
using the AMS DEFINE CLUSTER command
creating the installation options data set
guidelines
creating the PKDS
allocating space for the PKDS
creating the startup procedure
specifying the installation options data set
creating the TKDS
allocating space for the TKDS
Crypto Express2 Coprocessor
description
cryptographic communication vector table
cryptographic communication vector table extension
Cryptographic Coprocessor clear master key entry
SMF record type 82
Cryptographic Coprocessor Feature
description
cryptographic coprocessor retained key create or delete
SMF record type 82
cryptographic coprocessor timing
SMF record type 82
cryptographic coprocessor TKE command request or reply
SMF record type 82
cryptographic coprocessors
bringing offline
bringing online
disabling
(1)
,
(2)
csf
CSFAPRPC processing routine
CSFCKDS exit
CSFCONVX exit
CSFESECI exit
CSFESECK exit
CSFESECS exit
CSFESECT exit
CSFEXIT1 exit
CSFEXIT2 exit
CSFEXIT3 exit
CSFEXIT4 exit
CSFEXIT5 exit
CSFKGUP exit
CSFPARM data set
CSFPRM00
CSFPRM01
CSFSRRW exit
CSFVINP data set
CSFVNEW data set
CSFVOVR data set
CSFVRPT data set
CSFVSRC data set
D
DEFAULTWRAP installation option
DEFINE CLUSTER command
(1)
,
(2)
,
(3)
defining conversion program data sets
DES
with PKA
DES external key token format
DES with PKA
disabling cryptographic coprocessors
(1)
,
(2)
DOMAIN installation option
DSS private external key token
DSS private internal key token
DSS public token
duplicate key tokens
SMF record type 82
dynamic CKDS update
SMF record type 82
dynamic PKDS update
SMF record type 82
E
EMK macro
SVC description
END installation option
error handling for ICRF
SMF record type 82
event recording
exit
CKDS entry retrieval installation exit
(1)
,
(2)
description
entry and return specifications
identifier on ICSF
invocation on ICSF
key generator utility program installation exit
(1)
,
(2)
mainline installation exits
(1)
,
(2)
PCF conversion program installation exit
(1)
,
(2)
security installation exits
service installation exits
(1)
,
(2)
single-record, read-write installation exit
(1)
,
(2)
EXIT installation option
exit name table
external key token
DES
PKA
DSS private
RSA private
F
FIPSMODE installation option
FMID
applicable z/OS releases
hardware
servers
formatting control blocks
using IPCS
G
GENKEY macro
SVC description
H
hardware features
IBM
zSeries 800
IBM
zSeries 890
IBM
zSeries 900
IBM
zSeries 990
I
IBM
zSeries 800
hardware features
IBM
zSeries 890
hardware features
IBM
zSeries 900
hardware features
IBM
zSeries 990
functions not supported
(1)
,
(2)
,
(3)
hardware features
without PCI X Cryptographic Coprocessor
IClassifyBy call_def.dita
IClassifyBy configuring_def.dita
(1)
,
(2)
,
(3)
IClassifyBy controlblock_def.dita
IClassifyBy cryptoservice_def.dita
IClassifyBy exit_def.dita
IClassifyBy installing_def.dita
IClassifyBy migrating_def.dita
IClassifyBy operating_def.dita
IClassifyBy planning_def.dita
IClassifyBy problemdetermination_def.dita
ICSF
dispatching priority
(1)
,
(2)
V1R2 and 4753-HSP key label considerations
ICSF (Integrated Cryptographic Service Facility)
CSFSMF82 mapping macro
record type 82
ICSF initialization
SMF record type 82
ICSF interface changes
callable services
ICSF status change
SMF record type 82
icsf sysplex group
SMF record type 82
initializing ICSF
creating the CKDS
creating the PKDS
creating the TKDS
creation of
(1)
,
(2)
,
(3)
selecting ICSF startup options
creating the installation options data set
creating the startup procedure
starting ICSF
installation-defined service
access control checking
defining
description
entry and exit code example
executing
link editing
parameter checking
writing
installation option keyword
BEGIN
CHECKAUTH
CKDSN
CKTAUTH
COMPAT
(1)
,
(2)
COMPENC
DEFAULTWRAP
DOMAIN
END
EXIT
FIPSMODE
KEYAUTH
MAXLEN
PKDSCACHE
PKDSN
REASONCODES
SERVICE
SSM
SYSPLEXCKDS
SYSPLEXTKDS
TKDSN
TRACEENTRY
UDX
USERPARM
WAITLIST
installation options
performance considerations
installation options data set
(1)
,
(2)
changing option keywords and values
creating
example
(1)
,
(2)
specifying the installation options data set
installation steps
Integrity
internal key token
aes;
DES
PKA
DSS private
RSA private
(1)
,
(2)
,
(3)
,
(4)
,
(5)
,
(6)
K
key generator utility program exit parameter block
key generator utility program installation exit
calling points
environment
installing
processing
purpose and use
return codes
SET statement
key labels
differences between ICSF/MVS Version 1 Release 2 and 4753-HSP
key part entry
SMF record type 82
key store policy
SMF record type 82
key token
aes; internal
DES
external
null
DES internal
PKA
DSS private external
DSS private internal
DSS public
null
RSA 1024-bit modulus-exponent private external
RSA 1024-bit private internal
(1)
,
(2)
RSA 2048-bit Chinese remainder theorem private internal
RSA 4096-bit Chinese remainder theorem private external
RSA 4096-bit modulus-exponent private external
RSA private external
RSA private internal
(1)
,
(2)
,
(3)
,
(4)
RSA public
KEYAUTH installation option
L
link editing
callable services
M
mainline installation exit
environment
exit parameter block
input
installing
parameters
(1)
,
(2)
purpose and use
mapping macro
CSFSMF82 (ICSF)
master key part entry
SMF record type 82
MAXLEN installation option
message recording
migrating from PCF
migration
terminology
migration considerations
4753-HSP to OS/390 ICSF
MODIFY command
modifying ICSF
N
noncompatibility mode
description
(1)
,
(2)
Notices
null key token
format
(1)
,
(2)
O
object ion key (OPK)
OPK, object protection key
(1)
,
(2)
override file
defining on a DD statement
P
panels
accessing
CSF@PRIM — Primary Menu
CSFGCMP0 — Coprocessor Management
parameter checking
callable services
PCF
application
(1)
,
(2)
,
(3)
macro
migration to ICSF
PCF conversion program installation exit
environment
input
installing
purpose and use
PCI Cryptographic Accelerator
description
PCI Cryptographic Coprocessor
description
PCI Cryptographic Coprocessor configuration
SMF record type 82
PCI Cryptographic Coprocessor timing
SMF record type 82
PCI X Cryptographic Coprocessor
description
PCI X Cryptographic Coprocessor timing
SMF record type 82
performance
problems
(1)
,
(2)
PKA key part entry
SMF record type 82
PKA key token
record format
DSS private external
DSS private internal
DSS public
RSA 1024-bit modulus-exponent private external
RSA 1024-bit private internal
(1)
,
(2)
RSA 2048-bit Chinese remainder theorem private internal
RSA 4096-bit Chinese remainder theorem private external
RSA 4096-bit modulus-exponent private external
RSA private external
RSA private internal
(1)
,
(2)
,
(3)
,
(4)
RSA public
PKA master keys
(1)
,
(2)
PKDS (public key data set)
creating
description
header record format
record format
PKDSCACHE installation option
PKDSN installation option
PKSC commands
SMF record type 82
private external key token
DSS
RSA
private internal key token
DSS
RSA
(1)
,
(2)
,
(3)
,
(4)
,
(5)
,
(6)
public key data set
improving security and reliability for the PKDS
public key data set refresh
SMF record type 82
public key token
DSS
RSA
R
read-write exit parameter block
REASONCODES installation option
recording events
RETKEY macro
SVC description
return codes
from PCF macros
migration consideration
RKX key-token
RMF
header record format
RSA 1024-bit private internal key token
(1)
,
(2)
RSA private external Chinese remainder theorem key token
RSA private external key token
RSA private external modulus-exponent key token
(1)
,
(2)
RSA private internal Chinese remainder theorem key token
RSA private internal key token
(1)
,
(2)
,
(3)
,
(4)
RSA public token
running ICSF
in coexistence mode
in compatibility mode
in noncompatibility mode
running the conversion program
creating a job to run the conversion program
defining conversion program data sets
S
scheduling changes for cryptographic keys
secondary parameter block
section sequence, trusted block
security considerations
security installation exit
environment
input
installing
purpose and use
return codes
selecting ICSF startup options
creating the installation options data set
creating the startup procedure
service installation exit
environment
exit parameter block
input
installing
parameters
purpose and use
return codes
SERVICE installation option
syntax
service stub
description
example
linking
writing
SET Certificate Authority
single-record, read-write installation exit
conversion program invocation
input
installing
purpose and use
return codes
SMF record type 82
subtype 1
subtype 10
subtype 11
subtype 12
subtype 13
subtype 14
subtype 15
subtype 16
subtype 17
subtype 18
subtype 19
subtype 20
subtype 21
subtype 22
subtype 23
subtype 24
subtype 25
subtype 26
subtype 3
subtype 4
subtype 5
subtype 6
subtype 7
subtype 8
subtype 9
SMF recording
(1)
,
(2)
special secure mode
SMF record type 82
specifying the installation options data set
SSM installation option
START command
(1)
,
(2)
starting ICSF
creating the startup procedure
entering the ICSF START command
(1)
,
(2)
startup procedure
(1)
,
(2)
steps in installation
STOP command
stopping ICSF
SVC 143
SYS1.PARMLIB
customizing
description
SYS1.PROCLIB
description
storing startup procedure
SYS1.SAMPLIB
CSFPRM00
CSFPRM01
description
SYSPLEXCKDS installation option
SYSPLEXPKDS installation option
SYSPLEXTKDS installation option
T
testing ICSF
TKDS
SMF record type 82
TKDS (public key data set)
creating
TKDS (token data set)
description
format
TKDS (token key data set)
description
TKDSN installation option
token data set (TKDS)
description
format
token key data set
improving security and reliability for the TKDS
token validation value (TVV)
TRACEENTRY installation option
triple DES
for data privacy
trusted block create
SMF record type 82
trusted block key token
trusted block key token
trusted block key token
U
udx
access control checking
UDX installation option
UDX support
User Defined Extension
USERPARM installation option
using different configurations
using the conversion program override file
V
V1R11 changed information
V1R11 new information
V1R12 changed information
V1R12 new information
V1R13 changed information
V1R13 new information
virtual storage constraint relief
for the caller of ICSF
VSAM data set
creating
VTAM
starting before ICSF
VTAM session-level encryption
and ICSF
W
WAITLIST installation option
Copyright IBM Corporation 1990, 2014