Filter
Top Products
CCA Release 2.54
An Overview of the CCA Environment
Figure 1-1 on page 1-3 provides a conceptual framework for positioning the CCA
Security API. Application programs make procedure calls to the API to obtain
cryptographic and related I/O services. The CCA API is designed so that a call can
be issued from essentially any high-level programming language. The call, or
request, is forwarded to the cryptographic-services access layer and receives a
synchronous response. That is, your application program loses control until the
access layer returns a response at the conclusion of processing your request.
The products that implement the CCA API consist of both hardware and software
components. The software consists of application development support and
runtime software components.
The application development support software primarily consists of language
bindings that can be included in new applications to assist in accessing
services available at the API. Language bindings are provided for the C
programming language. The OS/400 Option 35, CCA CSP feature also
provides language bindings for COBOL, RPG, and CL.
1
The runtime software can be divided into the following categories:
– Service-requesting programs, including utility programs and application
programs
– An “agent” function that is logically part of the calling application program or
utility
– An environment-dependent request routing function
– The server environment that gives access to the cryptographic engine.
Generally, the cryptographic engine is implemented in a hardware device that
includes a general-purpose processor and often also includes specialized
cryptographic electronics. These components are encapsulated in a protective
environment to enhance security.
The utility programs include support for administering the hardware access-controls,
administering DES and public-key cryptographic keys, and configuring the software
support. See the IBM 4758 PCI Cryptographic Coprocessor CCA Support Program
Installation Manual, for a description of the utility programs provided with the
Cryptographic Adapter Services licensed software.
No utility programs are available for the CCA support on the IBM eServer iSeries
platform. There are sample programs available for your consideration that
administer hardware access-control and manage DES and public-key cryptographic
keys. If you have Internet access, refer to these topics by following the OS/400 link
from the CCA support page of the product Web site,
http://www.ibm.com/security/cryptocards.
You can create application programs that use the products via the CCA API, or you
can purchase applications from IBM or other sources that use the products. This
book is the primary source of information for designing systems and application
programs that use the CCA API with the IBM 4758 Coprocessor.
1
For availability of the various OS/400 code levels, see the eServer iSeries OS/400 Web site.
1-2 IBM 4758 CCA Basic Services, Release 2.54, February 2005