How application programs obtain service
Application programs and utility programs obtain services from the security product by issuing service requests to the runtime subsystem of software and hardware. Use a procedure call according to the rules of your application language.
When the cryptographic services access layer receives requests concurrently from multiple application programs, it serializes the requests and returns a response for each request. There are other multiprocessing implications arising from the existence of a common master-key and a common key-storage facility. These implications are covered by separate topics of this publication.
The way application programs and utilities are linked to the API services depends on the computing environment. In the Linux® environment, the operating system dynamically links application security API requests to the subsystem shared object library code. Compile application programs that use CCA and link the compiled programs to the CCA library. The library and its default distribution location is /usr/lib64/libcsulcca.so.
Together, the security API shared library and the environment-dependent request routing mechanism act as an agent on behalf of the application and present a request to the server. Requests can be issued by one or more programs. Each request is processed by the server as a self-contained unit of work. The programming interface can be called concurrently by applications running as different processes. The security API can be used by multiple threads in a process and is thread safe.
In each server environment, a device driver provided by IBM® supplies low-level control of the hardware and passes the request to the hardware device. Requests can require one or more I/O commands from the security server to the device driver and hardware.
The security server and a directory server manage key storage. Applications can store locally used cryptographic keys in a key-storage facility. This is especially useful for long-life keys. Keys stored in key storage are referenced using a key label. Before deciding whether to use the key-storage facility or to let the application retain the keys, consider system design trade-off factors, such as key backup, the impact of master-key changing, the lifetime of a key, and so forth.