General information about libica

Edit online

The libica library provides hardware support by cryptographic coprocessors and CPACF for cryptographic functions.

The cryptographic coprocessors are used for asymmetric cryptographic functions. The CPACF is used for symmetric encryption and decryption, pseudo random number generation, message authentication, secure hashing, and, since IBM z15® (MSA 9), for EC sign and verify operations. For some of these functions, if the hardware is not available or failed, libica uses the low-level cryptographic functions of OpenSSL, if available.

This product includes software that is developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org). This product includes cryptographic software that is written by Eric Young (eay@cryptsoft.com).

The libica library is part of the openCryptoki project in GitHub. It is primarily used by OpenSSL through the IBM® OpenSSL CA engine or by openCryptoki through the ICA token. A higher level of security can be achieved by using it through the PKCS #11 API implemented by openCryptoki.

The libica library is optimized to work on IBM Z® hardware.

IBM reserves the right to change or modify this API at any time. However, an effort is made to keep the API compatible with later versions within a major release.

You can use the icastats utility to obtain statistics about cryptographic processes. See icastats - Show use of libica functions for more information.

libica is an open source project and can be found at: 
https://github.com/opencryptoki/libica/releases

In the extracted source package, you also find test cases for all APIs in directory /src/tests/.