z/OS Cryptographic Services ICSF Administrator's Guide


Entering cryptographic objects into the TKDS

SA22-7521-17

PKCS #11 is a standard set of programming interfaces for cryptographic functions developed by RSA Laboratories of RSA Security Inc. A subset of these functions is supported by ICSF. ICSF stores the PKCS #11 tokens and token objects in a specialized data set called the token data set (TKDS). In the context of PKCS #11, a token is a representation of a cryptographic device, such as a smart card reader. You can store public key objects, private key objects, secret key objects, certificate objects, data objects, and domain parameter objects in the TKDS through the use of ICSF callable services. ICSF provides a set of callable services that allow applications to update the TKDS. Applications can use these services to create, delete, list, set and get attribute values from the TKDS.

For more information on using the TKDS services refer to the z/OS Cryptographic Services ICSF Writing PKCS #11 Applications and z/OS Cryptographic Services ICSF Application Programmer’s Guide.

PKCS #11 and FIPS 140-2

The National Institute of Standards and Technology (NIST), the US federal technology agency that works with industry to develop and apply technology, has published the Federal Information Processing Standard Security Requirements for Cryptographic Modules standard (FIPS 140-2). This standard can be required by organizations that specify that cryptographic-based security systems are to be used to protect sensitive or valuable data.

The z/OS PKCS #11 services are designed to meet FIPS 140-2 Level 1 criteria, and can be configured to operate in compliance with FIPS 140-2 specifications. Applications that need to comply with the FIPS 140-2 standard can therefore use the z/OS PKCS #11 services in a way that allows only the cryptographic algorithms (including key sizes) approved by the standard and restricts access to the algorithms that are not approved.

For more information on using the TKDS services, refer to the z/OS Cryptographic Services ICSF Writing PKCS #11 Applications and the z/OS Cryptographic Services ICSF System Programmer’s Guide.





Copyright IBM Corporation 1990, 2014