Support User Manuals

IBM 2 Computer Hardware User Manual

Open as PDF

of 508

CCA Release 2.54 Revision History

About This Publication

The manual is intended for systems and applications analysts and application

programmers who will evaluate or create programs for the IBM 4758 Common

Cryptographic Architecture (CCA) support for the IBM 4758 Models 002 and 023

technology used with IBM eServer iSeries (OS/400) Option 35, CCA CSP on

OS/400 systems. Please reference the IBM iSeries Web sites for the specific

features and supported levels of software related to the IBM 4758 technology.

| Release 2.54 code applies only to the IBM eServer iSeries environment. PC

servers and IBM eServer pSeries servers use Release 2.41 code. This manual

| includes corrections which apply to Releases 2.41, 2.50, 2.51, 2.52, and 2.53.

Users of IBM 4758, Models 001 and 013, should refer to the CCA Basic Services

Reference And Guide Release 1.31/1.32 for the IBM 4758 Models 001 and 013

manual available on the product Web site.

Prerequisite to using this manual is familiarity with the contents of the IBM 4758

PCI Cryptographic Coprocessor General Information Manual that discusses topics

important to the understanding of the information presented in this manual:

 The IBM 4758 PCI Cryptographic Coprocessor

 An overview of cryptography

 Supported cryptographic functions

 System hardware features and software

 Organization of the relevant publications.

Revision History

| Thirteenth Edition, December, 2004, CCA Support Program,

| Release 2.54

| This edition replaces the December, 2004, Release 2.53 manual.

| Release 2.54 incorporates a new verb, Key_Encryption_Translate (CSNBKET) to

| translate an encrypted double-length, external DATA key (having an all-zero control

| vector) from CBC encryption to CCA key-encryption, and from CCA key-encryption

| to CBC encryption.

| Twelfth Edition, December, 2004, CCA Support Program,

| Release 2.53

| This edition replaces the April, 2004, Release 2.52 manual.

| Release 2.53 incorporates two changes to improve security.

|  In order to use regeneration date to create a particular RSA private-public

| key-pair you must authorize a new control point. See the Required Commands

| section of the PKA_Key_Generate verb.

|  If you attempt to use an RSA private key having the CLONE attribute, the

| PKA_Decrypt, PKA_Symmetric_Key_Import, and SET_Block_Decompose verbs

| will abnormally terminate with return code 8, reason code 64 (decimal).

 Copyright IBM Corp. 1997, 2005 xv

previous next