Table of Contents (exploded view)
Cryptographic Services ICSF: Writing PKCS #11 Applications
Summary of changes
Changes made in Enhanced Cryptographic Support for z/OS V1R13 - z/OS V2R1 (FMID HCR77B0)
Changes made in Cryptographic Support for z/OS V1R13-V2R1 (FMID HCR77A1)
Overview of z/OS support for PKCS #11
Tokens
Secure key PKCS #11
The token data set (TKDS)
Controlling token access and key policy
Managing tokens
Sample scenario for setting up z/OS PKCS #11 tokens
Sample scenario for controlling clear key processing
Auditing PKCS #11 functions
Component trace for PKCS #11 functions
Object types
Session objects
Token objects
Operating in compliance with FIPS 140-2
Requiring signature verification for ICSF module CSFINPV2
Requiring FIPS 140-2 compliance from all z/OS PKCS #11 applications
Requiring FIPS 140-2 compliance from select z/OS PKCS #11 applications
Specifying FIPS 140-2 compliance from within a z/OS PKCS #11 application
Preparing to use PKCS #11 applications
Tasks for the system programmer
Tasks for the security administrator
Tasks for the auditor
Tasks for application programmers
The C API
Using the C API
Deleting z/OS PKCS #11 tokens
Environment
Cross memory considerations
Key types and mechanisms supported
Objects and attributes supported
Library, slot, and token information
Functions supported
Standard functions supported
Non-standard functions supported
Non-standard mechanisms supported
Enterprise PKCS #11 coprocessors
Key algorithms/usages that are unsupported or disallowed by the Enterprise PKCS #11 coprocessors
PKCS #11 Coprocessor Access Control Points
Standard compliance modes
Function return codes
Troubleshooting PKCS #11 applications
Sample PKCS #11 C programs
Running the pre-compiled version of testpkcs11
Steps for running the pre-compiled version of testpkcs11
Building sample PKCS #11 applications from source code
ICSF PKCS #11 callable services
SMP/E installation data sets, directories, and files
Source code for the testpkcs11 sample program