Purpose of this information
This information describes how to manage cryptographic keys by using the
z/OS Cryptographic Services Integrated Cryptographic Service Facility (ICSF),
which is part of z/OS Cryptographic Services. The z/OS Cryptographic Services
include these components:
- z/OS Integrated Cryptographic Service Facility (ICSF)
- z/OS Open Cryptographic Services Facility (OCSF)
- z/OS System Secure Socket Level Programming (SSL)
- z/OS Public Key Infrastructure Services (PKI)
ICSF is a software element of z/OS that works with hardware
cryptographic features and Security Server (RACF) to provide secure,
high-speed cryptographic services in the z/OS environment. ICSF provides
the application programming interfaces by which applications request
the cryptographic services. The cryptographic feature is secure, high-speed
hardware that performs the actual cryptographic functions.
The cryptographic hardware features available to your applications depend
on the server.
ICSF features
ICSF enhances z/OS security as follows:
- It ensures data privacy by encrypting and decrypting the data.
- It manages personal identification numbers (PINs).
- It ensures the integrity of data through the use of modification
detection codes (MDCs), hash functions, or digital signatures.
- It ensures the privacy of cryptographic keys themselves by encrypting
them under a master key or another key-encrypting key.
- It enforces DES key separation, which ensures that cryptographic
keys are used only for their intended purposes.
- It enhances system availability by providing continuous operation.
- It enables the use of Rivest-Shamir-Adleman (RSA), Digital Signature
Standard (DSS), and Elliptic Curve Cryptography (ECC) public and private
keys on a multi-user, multi-application platform.
- It provides the ability to generate RSA and ECC key pairs within
the secure hardware boundary of the cryptographic hardware features.
Who should read this information
This information is intended for anyone who manages cryptographic keys.
Usually, this person is the ICSF administrator.
The ICSF administrator performs these major tasks:
- Entering and changing master keys.
- Generating, entering, and updating cryptographic keys.
- Viewing system status, which includes hardware status, installation
options, installation exits, and installation services.