Cryptocards - sample code

IBM provides a Common Cryptographic Architecture (CCA) for its hardware security modules (HSMs) that includes an application programming interface (API) which is intended for systems analysts, applications analysts, and application programmers to evaluate or create programs that employ the CCA API. Users of the CCA API should refer to the manuals that are available on the IBM CCA download site. Additional information about each IBM cryptographic adapter is available on each adapter's product pages. See the Products drop-down menu on the navigation menu above the page heading.

Note: Linux® on IBM Z® users should refer to the Secure Key Solution with the Common Cryptographic Architecture: Application Programmer's Guide, which is available on the IBM Docs site.

IBM provides the following sample programs as examples of how to use and code a subset of the CCA API for the IBM HSMs. Samples that target the IBM 4769 are available on the IBM CCA download site.

Note: to access this site, you must obtain and log in with an IBMid. This process is quick and easy. Instructions are on the download site.

IBM's Enterprise PKCS#11 (EP11) is a mode for the CryptoExpress hardware security modules (HSMs) as well as libraries installable on zLinux that offer an application programming interface with the HSMs. On top of this API, PKCS#11 compliant libraries can be built (e.g., OpenCryptoki). Furthermore, the EP11 host library can be used directly to interact functionally and administratively with IBM's HSMs in EP11 mode when a PKCS#11 API is not needed. In the latter case, key storage and session management have to be implemented on top of the available functionality. Additional information about the EP11 Support Program is available on the Linux on Z software download page.

An EP11 example that introduces initial setup and running basic functions on an HSM is available on the IBM EP11 download site.