Managing the Cryptographic Coprocessor

 

After you set up your Cryptographic Coprocessor, you can begin writing programs to make use of your Cryptographic Coprocessor's cryptographic functions. This section is mainly for i5/OS™ application use of the Cryptographic Coprocessor.

Many of the pages in this section include one or more program examples. Change these programs to suit your specific needs. Some require that you change only one or two parameters while others require more extensive changes. For security reasons, IBM® recommends that you individualize these program examples rather than using the default values provided.

  • Logging on or off of the Cryptographic Coprocessor
    You can log on or off the Cryptographic Coprocessor by working with role-restricted i5/OS APIs.

  • Query status or request information
    You can query the Cryptographic Coprocessor on your system running the i5/OS operating system to determine characteristics such as which algorithms are enabled, the key lengths it supports, the status of the master key, the status of cloning, and the clock setting.

  • Initializing a key store file
    A key store file is a database file that stores operational keys, i.e. keys encrypted under the master key. This topic provides information on how to keep records of your DES and PKA keys on systems running the i5/OS operating system.

  • Creating DES and PKA keys
    You can create DES and PKA keys and store them in a DES key store. The DES and PKA keys can be created by writing i5/OS programs.

  • Encrypting or decrypting a file
    One of the more practical uses for the Cryptographic Coprocessor on your system running the i5/OS operating system is encrypting and decrypting data files.

  • Working with PINs
    A financial institution uses personal identification numbers (PINs) to authorize personal financial transactions for its customers. A PIN is similar to a password except that a PIN consists of decimal digits and is normally a cryptographic function of an associated account number. You can use the Cryptographic Coprocessor of your system running the i5/OS operating system to work with PINs.

  • Generating and verifying a digital signature
    You can protect data from undetected changes by including a proof of identity value called a digital signature. You can write programs to generate and verify a digital signature for the Cryptographic Coprocessor on your system running the i5/OS operating system.

  • Cloning master keys
    Master key cloning is a method for securely copying a master key from one Cryptographic Coprocessor to another without exposing the value of the master key. If you are using multiple coprocessors with SSL on your system running the i5/OS operating system, use the Cryptographic Coprocessor configuration web-based utility to clone master keys.

 

Parent topic:

4764 and 4758 Cryptographic Coprocessors