CEX8S / 4770 Library
This page provides product documentation information for the IBM CEX8S / 4770 HSM.
Product documentation for the IBM CEX8S / 4770 Cryptographic Coprocessor is available in PDF format. To view a PDF document, you need the Adobe® (Adobe Systems Incorporated) Reader®.
Available on the Following Platforms
IBM Z mainframe.
IBM Z® mainframes (z16®) as feature code (FC) 0851 (Crypto Express8S, or CEX8S). IBM Z® mainframes (z17®) as FC 0908 (two CEX8S per feature) or FC 0909 (one CEX8S per feature). The CEX8S / 4770 is available on IBM Z mainframes, either on z/OS® or Linux® on IBM Z® operating systems.
On Linux on IBM Z, IBM offers a CCA API for the CEX8S and a PKCS #11 (EP11) API to the user.
IBM Power Systems.
On IBM POWER11® systems, the 4770 is available as EPG4, EPG5, or EPG6, Customer Card Identification Number (CCIN) C138, on IBM AIX®, IBM i®, or PowerLinux® (with certain Red Hat® Enterprise Linux (RHEL) operating systems).
HSM CEX7S / 4770 General Documentation
These manuals apply to the IBM CEX7S/4770 Cryptographic Coprocessor.
IBM 4770 Data Sheet (PDF, 801 KB)
IBM 4770 PCIe Cryptographic Coprocessor Installation Manual (PDF, 933
KB)
IBM CEX8S Operational Management Manual (PDF, 1 GB)
IBM Systems Environmental Notices and User Guide, Z125-5823 (PDF, 3.7
MB)
IBM Systems Safety Notices, G229-9054 (PDF, 54
MB)
IBM Warranty Information, SC23-6884 (PDF, 1.8 MB)
IBM Support -
Machine warranties and license information
IBM License Agreement for Machine Code (Contains Form
Z125-5468-06)
IBM License Agreement for Machine Code Addendum for Cryptography
(Contains Form Z125-8449-01)
CCA Support Program
Independent Review of IBM Custom Key Block Formats
IBM CCA introduced the first proprietary TDES key block (also known as a key token) to be independently reviewed and confirmed to be compliant with Payment Card Industry (PCI) Security Standard Council (SSC) PIN Security key block requirements from September 2020.
For additional information, please see the news item May 6, 2021 | All HSMs with CCA | PCI PIN Security - first independently reviewed TDES key block.
IBM 4770 Custom Programming
- Custom Software Developer's Toolkit Guide describes the tools that enable developers to build applications for the IBM 4770, authenticate programs, and load programs into the IBM 4770.
- Custom Software Interface Reference describes the function calls that applications running in the IBM 4770 use to obtain services from the coprocessor operating system and from the coprocessor device driver in the host system.
- CCA User Defined Extensions Reference and Guide describes the user-defined extensions programming environment within the CCA application in the IBM 4770, the method for extending the CCA host API, and the application programming interface reference for these environments.
- Interactive Code Analysis Tool (ICAT) describes the tool that developers use to debug applications running on the IBM 4770.