IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
The security server and a directory server manage key storage. Applications can
store locally used cryptographic keys in a key-storage facility. This is especially
useful for long-life keys. Keys stored in key storage are referenced through the use
of a key label. Before deciding whether to use the key-storage facility or to let the
application retain the keys, you must consider system design trade-off factors, such
as key backup, the impact of master-key changing, the lifetime of a key, and so
forth.
Overlapped Processing
Calls to the CCA API are synchronous; your program loses control until the verb
completes. Multiple-process threads can make concurrent calls to the API. The
CCA implementation for IBM OS/2 and for Windows NT and Windows 2000 restricts
the number of concurrent outstanding calls for a Coprocessor to 32. [3]
You can maximize throughput by organizing your application(s) to make multiple,
overlapping calls to the CCA API. You can also increase throughput by employing
multiple Coprocessors, each with CCA (see “Multi-Coprocessor Capability” on
page 2-10). The limit of 32 concurrent CCA calls applies to each Coprocessor,
and therefore with multiple Coprocessors you can have more than 32 outstanding
CCA API calls.
Within the Coprocessor, the CCA software is organized into multiple threads of
processing. This multi-processing design is intended to enable concurrent use of
the Coprocessor's main engine, PCI communications, DES and SHA-1 engine, and
modular-exponentiation engine.
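The following is an added example, not code from the IBM manual or the CCA Support Program. It shows one way an application can keep many threads busy while holding the number of outstanding calls on each Coprocessor at or below 32. The Coprocessor class, run_batch, and simulated_verb (a stand-in that sleeps instead of calling a real CCA verb) are hypothetical names, and the client-side cap is an assumption, since this page does not say what happens to a call made beyond the limit.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor

MAX_OUTSTANDING = 32  # per-Coprocessor limit stated for OS/2, Windows NT/2000


class Coprocessor:
    """Tracks and caps the calls outstanding on one Coprocessor (hypothetical)."""

    def __init__(self, name, limit=MAX_OUTSTANDING):
        self.name = name
        self._slots = threading.BoundedSemaphore(limit)
        self._lock = threading.Lock()
        self.in_flight = 0
        self.peak = 0

    def call(self, verb, *args):
        with self._slots:              # blocks while `limit` calls are outstanding
            with self._lock:
                self.in_flight += 1
                self.peak = max(self.peak, self.in_flight)
            try:
                return verb(*args)     # synchronous: this thread waits here
            finally:
                with self._lock:
                    self.in_flight -= 1


def simulated_verb(data):
    """Hypothetical stand-in for a CCA verb; sleeps instead of using hardware."""
    time.sleep(0.005)
    return len(data)


def run_batch(items, coprocessors, workers=100):
    """Spread items round-robin over the Coprocessors from many threads."""
    def one(indexed):
        i, item = indexed
        return coprocessors[i % len(coprocessors)].call(simulated_verb, item)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(one, enumerate(items)))


if __name__ == "__main__":
    units = [Coprocessor("cop0"), Coprocessor("cop1")]  # constructed sample setup
    results = run_batch([b"x" * n for n in range(300)], units)
    print(len(results), [(u.name, u.peak) for u in units])
```

With two Coprocessor objects the application as a whole can have up to 64 calls outstanding, while each unit's recorded peak stays at or below 32.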
Host-side Key Caching
Beginning with Release 2, the CCA implementation provided caching of key records
obtained from key storage within the CCA host code. However, the host cache is
unique for each host process. If different host processes access the same key
record, an update to a key record caused in one process will not affect the contents
of the key cache held for other process(es). Beginning with Release 2.41, caching
of key records within the key storage system can be suppressed so that all
processes will access the most current key records. The techniques used to
suppress key-record caching are discussed in the IBM 4758 PCI Cryptographic
Coprocessor CCA Support Program Installation Manual.
[3] The limitation of 32 concurrent API calls does not apply to the implementation for AIX.
Chapter 1. Introduction to Programming for the IBM CCA
1-7