The PKCS #11 C language API (described in The C API)
requires a Language Environment (LE) runtime to operate. Although
an LE is normally provided with C application programs, if you are
coding your application in some other language (for example, Assembler),
acquiring an LE runtime may not be desirable. For these situations,
ICSF provides a base set of PKCS #11 callable services that you can
use. (In fact, the C API itself uses these services.) These callable
services do not require an LE runtime. The ICSF PKCS #11 callable
services include:
- Derive key (CSFPDVK)
- Derive multiple keys (CSFPDMK)
- Generate HMAC (CSFPHMG)
- Generate key pair (CSFPGKP)
- Generate secret key (CSFPGSK)
- Get attribute value (CSFPGAV)
- One-way hash generate (CSFPOWH)
- Private key sign (CSFPPKS)
- Pseudo-random function (CSFPPRF)
- Public key verify (CSFPPKV)
- Secret key decrypt (CSFPSKD)
- Secret key encrypt (CSFPSKE)
- Set attribute value (CSFPSAV)
- Token record create (CSFPTRC)
- Token record delete (CSFPTRD)
- Token record list (CSFPTRL)
- Unwrap key (CSFPUWK)
- Verify HMAC (CSFPHMV)
- Wrap key (CSFPWPK)

Calls to the system authorization facility (SAF) determine access
authorization for the callable services. The CSFSERV class controls
access to the PKCS #11 callable services.

For details about the PKCS #11 callable services, see z/OS Cryptographic Services ICSF Application Programmer's Guide.