IBM Crypto Life

My research on IBM stuff goes here. The list of IBM stuff:
  1. PCICC card (IBM 4758 card)
  2. PCIXCC (IBM 4764 card - PCI Extended Cryptographic Co-processor)
  3. CEX2C (Crypto Express 2 Coprocessor)
  4. CEX2A (Crypto Express 2 Accelerator)
  5. CPACF (CP Assist For Cryptographic Functions)
  6. ICSF (Integrated Cryptographic Service Facility)
  7. ICRF (Integrated Cryptographic Facility)
  8. TKE (Trusted Key Entry)
  9. 'EZASOKET' command for TCP/IP communication

ICSF - Integrated Cryptographic Service Facility

  • Document on ICSF Mainframe panel. These screenshots are from a mainframe I worked on.
  • KGUP - Key Generator Utility Program

EZASOKET:

  1. A good link to a lot of Mainframe and Socket docs and ppts. Here.
  2. A very good PPT on TCP/IP socket programming on MVS: Socket, Socket, Who has the Socket!! It explains the basics and how to program in COBOL, ASSEMBLER etc. Impressive, a must read.
  3. There is more information in the MVS manual: A Beginner’s Guide to MVS TCP/IP Socket Programming GG24-2561-00 (pdf version not available). More links are present in the PDF titled EZA Sockets - User Experience.
  4. Example: COBOL program. This demonstrates the use of EZASOKET. This particular program writes an HSM request on the socket and listens for the response.

IBM DKMS - Distributed Key Management System

  1. IBM page here.
  2. A good IBM Redbook is Distributed Key Management System Installation and Customization Guide. Actually this is the only DKMS IBM book available online. The other manuals are not available for direct download and need to be requested. Pretty strange for IBM's product line manuals.
  3. IBM 4753 - Network Security Processor is used by DKMS.
  4. ICRF - Integrated Cryptographic Facility, a general key Management System.
  5. KMG Package - Key Mgmt Software package, for the DKMS Online Version. The KMG Package has 2 parts:
    i) The first part maintains information on all of the DKMS host DB2 tables, and directs all requests related to IBM host environment cryptographic devices to the second part.
    ii) The second part adds, lists, verifies and deletes keys in IBM 4753 NSP key storage and Integrated Cryptographic Feature CKDS.
  6. PMV Package - DKMS MVS Crypto API Program Package
    contains the API for terminals and ATMs.
  7. Host DB2 tables - KMGxxxx
    > total 12 tables
    > e.g. KMG0004, KMG0214

IBM TKE - Trusted Key Entry

  1. This is a non-mainframe-based application with a good GUI which can be used for entering/manipulating keys on a mainframe ICSF system.
  2. Current/latest version = V5.2 (as of Dec 2005). Version 5+ is required on z9 and above machines.
  3. Good Docs =
  4. TKE requires the IBM 4764 Cryptographic Adapter
  5. CNM = Cryptographic Node Management Utility
  6. CNI = Cryptographic Node batch Initialization

OTHERS:

  1. IBM Redbook on TCP/IP, supposedly good - TCP/IP Tutorial and Technical Overview.
  2. IBM Redbook on BASE24 - A Guide to the ACI Worldwide BASE24-eps on z/OS.
  3. Good PPT that explains with good diagrams, but it is old. Still good for knowing how the CCA architecture started - zSeries Cryptographic Coprocessors.