Supported facilities
The cryptographic device driver supports several cryptographic accelerators as well as CCA and EP11 coprocessors.
Cryptographic accelerators support clear key cryptographic algorithms. In particular, they provide fast RSA encryption and decryption for key sizes 1024 - 4096-bit.
Cryptographic coprocessors act as a hardware security module (HSM) and provide secure key cryptographic operations for the IBM® Common Cryptographic Architecture (CCA) and the Enterprise PKCS#11 feature (EP11).
For more information about CCA, see Secure Key Solution with the Common Cryptographic Architecture Application Programmer's Guide, SC33-8294. You can obtain this book at ibm.com/docs/en/linux-on-systems?topic=overview-secure-key-solution-cca-application-programmers-guide.
For more information about EP11, see Exploiting Enterprise PKCS #11 using openCryptoki, SC34-2713. You can obtain this publication at ibm.com/docs/en/linux-on-systems?topic=security-cryptographic-hardware-support.
Cryptographic coprocessors also provide clear key RSA operations for 1024-bit, 2048-bit, and 4096-bit keys, and a true random number generator for /dev/hwrng. The EP11 coprocessor supports only secure key operations.