Home

 

CryptoHardware (MQCHAR256)

This field gives configuration details for cryptographic hardware connected to the client system. Set the field to one of the following strings, or leave it blank or null:

GSK_ACCELERATOR_RAINBOW_CS_OFF
GSK_ACCELERATOR_RAINBOW_CS_ON
GSK_ACCELERATOR_NCIPHER_NF_OFF
GSK_ACCELERATOR_NCIPHER_NF_ON
GSK_PKCS11=<the PKCS #11 driver path and filename>;<the PKCS #11
token label>;<the PKCS #11 token password>;<symmetric cipher setting>;

Notes:

1. The strings containing

   RAINBOW enable or disable the Rainbow Cryptoswift cryptographic hardware.

2. The strings containing

   NCIPHER enable or disable the nCipher nFast cryptographic hardware.

3. In order to use cryptographic hardware which conforms to the PKCS11 interface, for example, the IBM 4960 or IBM 4963, the PKCS11 driver path, PKCS11 token label, and PKCS11 token password strings must be specified, each terminated by a semi-colon.

   The PKCS #11 driver path is an absolute path to the shared library providing support for the PKCS #11 card. The PKCS #11 driver filename is the name of the shared library. An example of the value required for the PKCS #11 path and filename is:

   /usr/lib/pkcs11/PKCS11_API.so

   The PKCS #11 token label must be entirely in lowercase. If you have configured your hardware with a mixed case or uppercase token label, re-configure it with this lowercase label.

4. If the field is blank or null, it indicates that no cryptographic hardware configuration is required.

If the value is shorter than the length of the field, terminate the value with a null character, or pad it with blanks to the length of the field. If the value is not valid, or leads to a failure when used to configure the cryptographic hardware, the call fails with reason code MQRC_CRYPTO_HARDWARE_ERROR.

This is an input field. The length of this field is given by MQ_SSL_CRYPTO_HARDWARE_LENGTH. The initial value of this field is the null string in C, and blank characters in other programming languages.

 

Home