i5/OS: 2058 Cryptographic Accelerator

2058 Cryptographic Accelerator

The 2058 Cryptographic Accelerator provides a competitive option to customers who do not require the high security of a Cryptographic Coprocessor, but do need the high cryptographic performance that hardware acceleration provides to offload a host processor. The 2058 Cryptographic Accelerator is available for customers to use with a V5R2 (or later) system running the i5/OS^® operating system.
The 2058 Cryptographic Accelerator has been designed to improve the performance of those SSL applications that do not require secure key storage. You can also use the 2058 Cryptographic Accelerator to offload processing for DES, Triple DES, SHA-1, and RSA encryption methods, when using Cryptographic Services APIs. See the Cryptographic Services APIs for more information.
The 2058 Cryptographic Accelerator does not provide tamper-resistant storage for keys, like the Cryptographic Coprocessor hardware. Depending on the model of system you have, you can install up to a maximum of eight Cryptographic Accelerators. You can install a maximum of four Cryptographic Accelerators per partition.
The 2058 Cryptographic Accelerator provides special hardware which is optimized for RSA encryption (modular exponentiation) with data key lengths up to 2048 bits. It also provides functions for DES, TDES, and SHA-1 encryption methods. The 2058 Accelerator uses multiple RSA (Rivest, Shamir and Adleman algorithm) engines.

Features
This topic provides information about the features of the 2058 Cryptographic Accelerator on your system running the i5/OS operating system.
Scenario: Enhancing system SSL performance
In this scenario, a company orders and installs 2058 Cryptographic Accelerator is a PCI (Peripheral Component Interconnect) card. This card is specially designed to accelerate the very compute intensive processing required when establishing a SSL/TLS session. The scenario specifies the steps this company makes to get the card configured to enhance the SSL performance of its system running the i5/OS operating system.
Planning for the 2058 Cryptographic Accelerator
Depending on the system model you have, you can install up to a maximum of eight IBM Cryptographic Accelerators. You must ensure that your system meets the hardware and software requirements to use the Cryptographic Accelerator.
Configuring the 2058 Cryptographic Accelerator
You must create a device description so that i5/OS SSL can direct RSA cryptographic operations to the 2058 Cryptographic Accelerator. You can create a device description by using the Create Device Description (Crypto) (CRTDEVCRP).

Parent topic:
Cryptography
Related information
iSeries Performance