Programming with libzpc
This part describes important concepts that you need to know before applying the libzpc APIs in order to avoid errors.
You can use the protected key functions of libzpc for AES cryptography and elliptic curve cryptography (ECC) as follows:
- AES
-
- Encryption/Decryption
- Authenticated encryption with associated data (AEAD)
- Message authentication (MAC)
- ECC
-
- ECDSA signature creation and verification
When using libzpc for AES cryptography, you can either generate a secure key/protected key pair, where the protected key is derived from a persistent secure key and whose effective key can therefore be automatically re-wrapped with a new firmware wrapping key when the old one is no longer available, for example, because an LPAR has been rebooted in the meanwhile.
Applications include the <zpc/...> header files corresponding to the required APIs and link with -lzp. With the exception of zpc_error_string(), all libzpc functions return either no value or an integer which is either zero (in case of success), or a non-zero error code (in case of failure).