Re: Certificates, ICSF and CICS

Tue, 18 Dec 2012 09:43:19 -0800

Would the main reason for configuring these cards as an accelerator or EP11 mode be for maximum performance, or to ensure that only a subset of the available ICSF API's can be used on that card? 

Mark Jacobs

On 12/18/12 12:31, Greg Boyd wrote:

EP11 Mode is only supported on the CEX4S card, not the CEX3.  And the CEX4S 
card is only available on the zEC12.  (You can also bring your current CEX3 
cards forward to a zEC12, but you can't order CEX3 cards with a zEC12.)

So if you have a CEX3 you can configure it either coprocessor mode (the 
default) or accelerator mode.  When configured as an accelerator the card 
supports only three ICSF APIs, all associated with the System SSL handshake.  
When configured as a coprocessor the CEX3 will support those same SSL handshake 
APIs as well as secure key encryption (DES/TDES and AES), PIN processing and 
key management.

The CEX4S works similarly.  That is, you can configure it as a coprocessor or 
an accelerator and it works just like the CEX3 does.  In addition, you have the 
option of configuring the CEX4S in EP11 mode.  When configured in EP11 mode the 
card will only support PKCS #11 APIs.  When configured in EP11 mode the card 
supports secure key PKCS #11 operations.  It does not support SSL handshakes or 
the other secure key APIs mentioned above.

Greg Boyd
IBM ATS, Washington Systems Center
Supporting crypto on System z


W dniu 2012-12-17 18:37, Rob Schramm pisze:

R.S. is correct.

Crypto Express cards can be configured 2 ways... both process handshakes.
   When configured as an accelerator... it only processes handshakes.

Actually Crypto Express can be configured 3 ways. Third mode is quite
new one and is available AFAIK only in EC12 machine with Crypto Express4
(FC0865). Third mode is CEX4P. P stands for EP11, which stand for IBM
Enterprise PKCS #11, which stand for Public Key Cryptography Standard.<g>






--
Mark Jacobs
Time Customer Service
Tampa, FL
----

The quiet ones are the ones that change the universe...
The loud ones only take the credit.

Londo Mollari - Babylon 5

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to