IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
Chapter 1. Introduction to Programming for the IBM CCA
This chapter introduces you to the IBM Common Cryptographic Architecture (CCA)
application programming interface (API). This chapter explains some basic
concepts you use to obtain cryptographic and other services from the PCI
Cryptographic Coprocessor and its CCA Support Program feature. Before
continuing, please review the “About This Publication” on page xv and first become
familiar with prerequisite information as described in that section.
In this chapter you can read about:
- What CCA services are available with the IBM 4758
- An overview of the CCA environment
- The Security API, programming fundamentals
- How the verbs are organized in the remainder of the book.
What CCA Services Are Available with the IBM 4758
CCA products provide a variety of cryptographic processes and data-security
techniques. Your application program can call verbs (services) to perform these
types of functions:
- Encrypt and decrypt information, generally using the DES algorithm in the
  cipher block chaining (CBC) mode to enable data confidentiality
- Hash data to obtain a digest, or process the data to obtain a message
  authentication code (MAC), that is useful in demonstrating data integrity
- Form and validate digital signatures to demonstrate both data integrity and
  non-repudiation
- Generate, encrypt, translate, and verify finance industry personal identification
  numbers (PINs) and transaction validation messages with a comprehensive set
  of PIN-processing services
- Manage the various keys necessary to perform the above operations. CCA is
  especially strong and versatile in this area. Inadequate key-management
  techniques are a major source of weakness in many other cryptographic
  implementations.
- Administrative services for controlling the initialization and operation of the CCA
  node.
This book describes the many available services in the following chapters. The
services are grouped by topic and within a chapter are listed in alphabetical order
by name. Each chapter opens with an introduction to the services found in that
chapter.
The remainder of this chapter provides an overview of the structure of a CCA
cryptographic node and introduces some important concepts and terms.
Copyright IBM Corp. 1997, 2005