4769 CCA Software Releases

Edit online

This page provides information about the CCA releases for the IBM 4769 HSM.

CCA Releases 7.5

The new IBM 4769 CCA Support Program release 7.5 is available for download by all customers who use the IBM 4769-001 on Linux on x64 servers.

MTM CCA Release 7.5 is supported on the following 64-bit operating systems:
  • Red Hat Enterprise Linux (RHEL) Server 9.3, 8.9
  • IBM AIX 7.3, 7.2
  • IBM I 7.5, 7.4, 7.3
The CCA Basic Services Reference, along with other IBM cryptographic adapter publications, is available on the IBM CCA download site.
Note: To access this site, you must obtain and log in with an IBMid. This process is quick and easy. Instructions are on the download site.
Summary of enhancements for release 7.5:
  • TR-31 Import / Export of AES K0-B and K1-B Key Blocks
  • New CCA service: Multi-MAC Scheme (CSNBMMS)
  • 4769 Release of CCA 7.5 (for Power, IBM i, x86)

For more information, see the IBM Crypt Education Community blog post, CCA 8.2, 7.5 for IBM Z and CCA 7.5 for 4769 on IBM Power.

CCA Release 7.3

The new IBM 4769 CCA Support Program release 7.3 is available for download by all customers who use the IBM 4769-001 on Linux on x64 servers.

MTM CCA Release 7.3 is supported on the following 64-bit operating systems:
  • Red Hat Enterprise Linux (RHEL) Server 8.5

The CCA Basic Services Reference, along with other IBM cryptographic adapter publications, is available on the IBM CCA download site.
Note: To access this site, you must obtain and log in with an IBMid. This process is quick and easy. Instructions are on the download site.
Summary of enhancements for release 7.3:
  • WRAPENH3 – A new wrapping method to ensure our customers meet the PCI key block requirements
  • Fix for T31 PSIRT
  • Dual Control and Single Control administration options
  • PCI-HSM Compliance
    • PCI-HSM key store migration utility enhancements
    • CHIM Tool updates for PCI-HSM administration

CCA Release 7.2

The new IBM 4769 CCA Support Program release 7.2 is available for download by all customers who use the IBM 4769-001 on Linux on x64 servers.

MTM CCA Release 7.2 is supported on the following 64-bit operating systems:
  • Red Hat Enterprise Linux (RHEL) Server 8.3

The CCA Basic Services Reference, along with other IBM cryptographic adapter publications, is available on the IBM CCA download site.
Note: To access this site, you must obtain and log in with an IBMid. This process is quick and easy. Instructions are on the download site.
Summary of enhancements for release 7.2:
  • Feistel-based Format Preserving Encryption (FF1, FF2, FF2.1). Format Preserving Counter Mode (FPCM) as defined in x9.24 Part 2.
  • Elliptic Curve Edwards curves 25519 and 448, secp256k1 for digital signatures and key management. Signature formatting methods RSA-PSS.
  • Full ISO-4 PIN block support and AES-protected EMV messages.
    • PIN Translation between ISO formats including ISO-4
    • AES based PIN processing
    • AES-DUKPT for PIN services
  • CRYSTALS-Dilithium-6,5 (Round 2).
  • Audit log secured by the HSM.
  • Warning Mode to support analysis for transition to full compliance mode.
    • Determine which functions in your application are not PCI HSM compliant.
    • Determine which of your keys are not PCI HSM compliant.
  • X9 TR-34 remote key distribution as specified in X9 TR34-2012.
  • Full/native X.509 certificate support for public key services.
  • ACP Interval Tracking.
  • Support for single and dual control operations for device administration.
  • Allocation of adapter by serial number.

Restrictions

The CHIM utility has a list of restrictions mentioned in the CHIM User's Guide, which is available on the IBM CCA download site. Please refer to that document for restrictions and workarounds.