IBM's Enterprise PKCS#11 (EP11) is a mode for the CryptoExpress hardware security modules (HSMs) as well as libraries installable on zLinux that offer an application programming interface with the HSMs. On top of this API, PKCS#11 compliant libraries can be built (e.g., OpenCryptoki). Furthermore, the EP11 host library can be used directly to interact functionally and administratively with IBM's HSMs in EP11 mode when a PKCS#11 API is not needed. In the latter case, key storage and session management have to be implemented on top of the available functionality. Additional information about the EP11 Support Program is available on the Linux on Z software download page.
The following example introduces initial setup and running basic functions on an HSM. Examples demonstrating more complicated aspects, such as session handling, key life cycle, and more, will follow soon.