z/OS Open Cryptographic Services Facility Application Programming


OCSF Behavior When Only the OCSF Base is Installed

SC24-5899-01

When only the OCSF base is installed, the OCSF framework uses policy modules as follows:

  • For symmetric encryption, a check is made to disallow nested encryptions of a data buffer. If the input buffer to be encrypted is identical to a buffer of cipher text produced in the recent past, the framework considers this an attempt to perform nested encryption of a data buffer and disallows it.
  • When a symmetric context is created or updated, a check is made to see whether the strength of the cryptography requested is stronger than allowed by the policy modules or whether the algorithm requested is not defined by the policy modules. If so, the cryptographic context is flagged. An encryption or decryption request made with that context will be denied.
  • When an asymmetric context is created or updated, a check is made to see whether the strength of the cryptography requested is stronger than allowed by the policy modules or whether the algorithm requested is not defined by the policy modules. If so, the cryptographic context is flagged. An encryption, decryption, key wrap or key unwrap request made with that context will be denied.
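
The following C model is an added example, not IBM code and not the OCSF API. It shows the practical consequence of the checks above for the symmetric case: the context is only flagged when it is created or updated, and the denial surfaces at the encryption call. All names, the policy limits, the depth of the recent-ciphertext history and the XOR stand-in transform are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed policy: algorithm ids and key-size limits are assumptions. */
enum { ALG_A = 1, ALG_B = 2 };
static const struct { int alg; unsigned max_bits; } POLICY[] = {
    { ALG_A, 56 }, { ALG_B, 128 },
};
enum { ENC_OK = 0, DENIED_FLAGGED = -1, DENIED_NESTED = -2, BAD_LENGTH = -3 };

struct ctx { int alg; unsigned bits; int flagged; };

/* Ring of recently produced ciphertext; size and depth are assumptions. */
#define RECENT 4
#define MAXBUF 64
static unsigned char recent[RECENT][MAXBUF];
static size_t recent_len[RECENT];
static unsigned slot;

/* Create or update: the call itself succeeds, the context is only flagged. */
void ctx_set(struct ctx *c, int alg, unsigned bits) {
    c->alg = alg;
    c->bits = bits;
    c->flagged = 1;                      /* algorithm not defined by policy */
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++)
        if (POLICY[i].alg == alg)
            c->flagged = bits > POLICY[i].max_bits;   /* stronger than allowed */
}

/* Encrypt: the denial surfaces here, not at context creation. */
int model_encrypt(const struct ctx *c, const unsigned char *in, size_t n,
                  unsigned char *out) {
    if (c->flagged)
        return DENIED_FLAGGED;
    if (n == 0 || n > MAXBUF)
        return BAD_LENGTH;
    for (unsigned i = 0; i < RECENT; i++)          /* nested-encryption check */
        if (recent_len[i] == n && memcmp(recent[i], in, n) == 0)
            return DENIED_NESTED;
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ 0x5A;           /* stand-in transform, not a cipher */
    memcpy(recent[slot], out, n);
    recent_len[slot] = n;
    slot = (slot + 1) % RECENT;
    return ENC_OK;
}
```

Callers written against this behavior need to check the return code of every encryption and decryption request, because a context that was accepted at creation time can still be refused when it is used.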





Copyright IBM Corporation 1990, 2014