z/OS PKCS #11 tokens
z/OS Cryptographic Services System SSL Programming SC14-7495-00
z/OS® PKCS #11 tokens are
managed and protected by ICSF. ICSF uses the CRYPTOZ SAF class to
determine if the issuer of gskkyman is permitted to perform
the operation against a z/OS PKCS
#11 token. The resources for this class are:
The gskkyman utility provides limited functionality for
PKCS #11 token certificates that have secure private keys. If a PKCS
#11 certificate has a secure private key, the following functions
are allowed:
If a PKCS #11 token certificate has a secure private key, the following
functions are not allowed:
A PKCS #11 token certificate with a clear private key is allowed full gskkyman functionality. When token key information is displayed for a PKCS #11 certificate's private key, the private key type indicates whether the private key is clear or secure.

Table 1 illustrates the SAF access levels required to perform certain functions. The three SAF levels, in order of increasing accessibility, are READ, UPDATE, and CONTROL. Each higher level retains all the permissions of the previous level and gains additional capability. For more information, see the Token Access Levels table under Overview of z/OS support for PKCS #11 in z/OS Cryptographic Services ICSF Writing PKCS #11 Applications.
Copyright IBM Corporation 1990, 2014