z/OS DFSMSdss Storage Administration
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Hardware requirements for encryption and decryption

z/OS DFSMSdss Storage Administration
SC23-6868-01

If you plan to use the RSA option with DFSMSdss to encrypt the data-encrypting key, you must consider the cryptographic hardware that exists at the site that will decrypt the data. Not all types of RSA private keys are supported by all types of cryptographic hardware.

Table 1 summarizes the RSA private tokens and required cryptographic hardware for decryption.
Table 1. RSA private tokens and required cryptographic hardware for decryption
RSA private key token (internal) Required cryptographic hardware
RSA private key token 1024 — Modulus-Exponent Internal form One of the following:
  • Cryptographic Coprocessor feature
  • PCI X Cryptographic Coprocessor
  • Crypto Express2 Coprocessor.
RSA private key token 1024 — Chinese Remainder Theorem Internal form One of the following:
  • PCI Cryptographic Coprocessor
  • PCI X Cryptographic Coprocessor
  • Crypto Express2 Coprocessor.
RSA private key token 2048 — Chinese Remainder Theorem Internal form One of the following:
  • PCI Cryptographic Coprocessor with LIC January 2005 or later, and z/OS® ICSF HCR770B or later
  • PCI X Cryptographic Coprocessor
  • Crypto Express2 Coprocessor.

For more information, refer to z/OS Cryptographic Services ICSF Application Programmer's Guide.

Parent topic: Using host-based encryption to secure backups

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014