IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
Chapter 2. CCA Node-Management and Access-Control
This chapter discusses:
- The access-control system that you can use to control who can perform various sensitive operations at what times
- Controlling the cryptographic facility
- Multi-Coprocessor support
- The CCA master-key, what it is, and how you manage the key
- How you can initialize the cryptographic key-storage that is managed by the support software.

The verbs that you use to accomplish these tasks are listed in Figure 2-1.

Figure 2-1. CCA Node, Access-Control, and Master-Key Management Verbs

| Verb | Page | Service | Entry Point | Svc Lcn |
|---|---|---|---|---|
| Access_Control_Initialization | 2-21 | Initializes or updates access-control tables in the Coprocessor. | CSUAACI | E |
| Access_Control_Maintenance | 2-24 | Queries or controls installed roles and user profiles. | CSUAACM | E |
| Cryptographic_Facility_Control | 2-30 | Reinitializes the CCA application, sets the adapter clock, resets the intrusion latch, sets the CCA environment identifier (EID), sets the number of master-key shares required and possible for distributing the master key, loads the CCA function control vector (FCV) that manages international export and import regulation limitations. | CSUACFC | E |
| Cryptographic_Facility_Query | 2-34 | Retrieves information about the Coprocessor and the state of master-key-shares distribution processing. | CSUACFQ | E |
| Cryptographic_Resource_Allocate | 2-44 | Connects subsequent calls to an alternative cryptographic resource (Coprocessor). | CSUACRA | S |
| Cryptographic_Resource_Deallocate | 2-46 | Reverts subsequent calls to the default cryptographic resource (Coprocessor). | CSUACRD | S |
| Key_Storage_Designate | 2-48 | Specifies the key-storage file used by the process. | CSUAKSD | S |
| Key_Storage_Initialization | 2-50 | Initializes one or the other of the key-storage files that can store DES or RSA (public/private) keys. | CSNBKSI | S/E |
| Logon_Control | 2-52 | Logs on or off the Cryptographic Coprocessor. | CSUALCT | E |
| Master_Key_Distribution | 2-55 | Supports the distribution and reception of master-key shares. | CSUAMKD | E |
| Master_Key_Process | 2-59 | Enables the introduction of a master key into the Coprocessor, the random generation of a master key, the setting and clearing of the master-key registers. | CSNBMKP | E |
| Random_Number_Tests | 2-64 | Enables tests of the random-number generator and performance of the FIPS-mandated known-answer tests. | CSUARNT | E |

Service location (Svc Lcn): E=Cryptographic Engine, S=Security API software
Copyright IBM Corp. 1997, 2005 2-1