CEX8S / 4770 Library

This page provides product documentation information for the IBM CEX8S / 4770 HSM.

Product documentation for the IBM CEX8S / 4770 Cryptographic Coprocessor is available in PDF format. To view a PDF document, you need the Adobe® (Adobe Systems Incorporated) Reader®.

Download a complimentary copy of Adobe Reader

Available on the Following Platforms

IBM Z mainframe.
The CEX8S / 4770 is available as feature code (FC) 0851 (Crypto Express8S, or CEX8S) on IBM Z mainframes (z16® only), either on z/OS® or Linux® on IBM Z® operating systems.

On Linux on IBM Z, IBM offers a CCA API for the CEX8S and a PKCS #11 (EP11) API to the user.

CCA Support Program

For Linux on IBM Z, the IBM Secure Key Solution with the Common Cryptographic Architecture Application Programmer's Guide describes the capabilities of the security application programming interface (API) provided with the CCA Support Program. There are additional documents for the Linux on IBM Z Host Code Installation including the license, readme, and release notes located at this IBM download site.
Note: To access this site, you must obtain and log in with an IBMid. This process is quick and easy. Instructions are on the download site.

Independent Review of IBM Custom Key Block Formats

IBM CCA introduced the first proprietary TDES key block (also known as a key token) to be independently reviewed and confirmed to be compliant with Payment Card Industry (PCI) Security Standard Council (SSC) PIN Security key block requirements from September 2020.

For additional information, please see the news item May 6, 2021 | All HSMs with CCA | PCI PIN Security - first independently reviewed TDES key block.

Enterprise PKCS #11 (EP11)

The EP11 manuals, which describe the library structure and capabilities of the cryptographic API provided with the EP11 Library for Linux on Z, as well as other details, are available on the IBM EP11 download site.
Note: To access this site, you must obtain and log in with an IBMid. This process is quick and easy. Instructions are on the download site.

Standards and Technology

Standards and technology