z/OS Communications Server: SNA Network Implementation Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Cryptographic keys

z/OS Communications Server: SNA Network Implementation Guide
SC27-3672-01

If you use the VTAM® data encryption facility, you need to file cryptographic keys on the cryptographic key data set at the appropriate host processors. For information about which hosts require cryptographic keys, see Cryptography facility.

This appendix describes how to file these keys for different types of cryptographic facilities for both single-domain and multiple-domain sessions. The available cryptographic services are:
  • z/OS® Integrated Cryptographic Service Facility (ICSF) and S/390® or zSeries Cryptographic Co-Processor

    ICSF is a licensed program that runs under MVS™ and provides access to the hardware cryptographic feature for programming applications. The combination of the hardware cryptographic feature and ICSF provides secure high-speed cryptographic services.

  • Other PCF/CUSP or Common Cryptographic Architecture (CAA) compatible cryptographic products
Note: Triple-DES 24-byte encryption requires the use of the ENCRYPTN=CCA start option and that the Common Cryptographic Architecture (CCA) product is present. Otherwise, sessions that require triple-DES 24-byte encryption will fail. CCA defines a set of cryptographic functions, external interfaces, and a set of key management rules that provide a consistent, end-to-end cryptographic architecture across different IBM® platforms.
The following references are used with compatible cryptographic products:
PCF/CUSP
Refers to any cryptographic product that is compatible with PCF/CUSP.
CCA
Refers to any cryptographic product that is compatible with Common Cryptographic Architecture (CCA).
Notes:
  1. If ICSF/MVS runs in CUSP mode, use the information for PCF/CUSP.
  2. When using ICSF in PCF compatibility mode and migrating from an existing PCF cryptographic key data set (CKDS), an importer key with a key value of the PCF master key value must be included. Use the PCF master key 8 bytes twice to create the ICSF 16–byte key. See the ICSF publications for additional information.

    Specific commands and control statements for key input may differ by product.

For more information about establishing cryptographic sessions, see z/OS Communications Server: SNA Programming.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014