Terms and abbreviations

This publication uses the terms and abbreviations listed here.

CA
Certificate authority. A trusted entity, external or internal to your organization, that issues digital certificates. Digital certificates are data files used to prove the identity of a website, person, or device by certifying the ownership of a public key by the named subject of the certificate.
CBC
Cipher block chaining. A method of reducing repetitive patterns in ciphertext by performing an exclusive-OR operation on each 8-byte block of data with the previously encrypted 8-byte block before it is encrypted.
CCA mode
Common Cryptographic Architecture. Crypto Express adapters can work in different modes, one of which is CCA.
CSR
Certificate signing request. An electronic message that an organization sends to a CA to obtain a certificate. The request includes a public key and is signed with a private key; the CA returns the certificate after signing with its own private key.
dm-crypt
dm-crypt is the device mapper crypto target of the Linux kernel. It is a disk encryption subsystem and is part of the device mapper infrastructure.
EKMF
IBM Enterprise Key Management Foundation. EKMF provides centralized key management for IBM cryptographic products on multiple platforms.
EKMF Web
IBM Enterprise Key Management Foundation Web is a web application that you use to manage keys on IBM Z and LinuxONE systems.
HSM
Hardware security module. A tamper-protected cryptographic device that protects master keys from being inspected. IBM Crypto Express CCA coprocessors and EP11 coprocessors are certified as HSMs. Each domain of an IBM Crypto Express coprocessor constitutes a virtual HSM and maintains a domain-specific master key or a set of master keys.
HSM master key
Each domain of a Crypto Express cryptographic coprocessor can contain active master keys which are used to generate secure keys.
KMIP
Key Management Interoperability Protocol (KMIP) is a client/server communication protocol for the storage and maintenance of key, certificate, and secret objects.
KMS
Key management system.
LUKS2
Linux Unified Key Setup version 2 is used for disk encryption management.
protected key
A protected key is a key encrypted by a firmware master key.
secure key
A secure key is a key encrypted by an HSM master key.
TLS
Transport Layer Security. A set of encryption rules that uses verified certificates and encryption keys to secure communications over the Internet. TLS is an update to the SSL protocol.
zkey repository
An access-controlled list of secure keys managed by the zkey utility.