IBM sample programs
IBM provides example programs for customers using either CCA or Enterprise PKCS#11 (EP11).
CCA sample programs
IBM provides a Common Cryptographic Architecture (CCA) for its hardware security modules (HSMs) that includes an application programming interface (API) which is intended for systems analysts, applications analysts, and application programmers to evaluate or create programs that employ the CCA API. Users of the CCA API should refer to the manuals that are also available on the Library page for the IBM 4767.
Note: Linux® on IBM Z® users should refer to the Secure Key Solution with the Common Cryptographic Architecture: Application Programmer's Guide, which is also available on the Library page.
IBM provides the following sample programs as examples of how to use and code a subset of the CCA API for the IBM HSMs. These samples target the IBM 4767.
EP11 sample program
IBM's Enterprise PKCS#11 (EP11) is a mode for the CryptoExpress hardware security modules (HSMs) as well as libraries installable on zLinux that offer an application programming interface with the HSMs. On top of this API, PKCS#11 compliant libraries can be built (e.g., OpenCryptoki). Furthermore, the EP11 host library can be used directly to interact functionally and administratively with IBM's HSMs in EP11 mode when a PKCS#11 API is not needed. In the latter case, key storage and session management have to be implemented on top of the available functionality. Additional information about the EP11 Support Program is available on the Linux on Z software download page.
The following example introduces initial setup and running basic functions on an HSM. Examples demonstrating more complicated aspects, such as session handling, key life cycle, and more, will follow soon.
CCA sample programs
Source files
Provides a tar archive of all the CCA sample source files to simplify downloading of samples.
Source files:
Makefiles
Access control system
Initialize one or more roles; query and list defined roles.
Source files:
AES encipher / decipher
Generate a random AES key and use the key to encipher and decipher some data.
Source files:
DES encipher / decipher
Generate a random DES key and use the key to encipher and decipher some data.
Source files:
Calculate / verify MAC
Generate a random HMAC key, then calculate and verify a MAC on a predetermined string of data.
Source files:
Generate / verify digital signature
Generate a random RSA public/private key pair, then use that key pair to sign and verify some sample data.
Source files:
Set up a CCA node
Set up a CCA node for use as a development and test platform using various CCA API calls.
Source files:
TR-31 export / import
Export a DES key that is in a CCA key-token into a TR-31 key-token and import that DES key from the TR-31 key-token back into a CCA key-token.
Source files:
PIN operations
Generate a random HMAC key, then calculate and verify a MAC on a predetermined string of data.
Source files:
Performance
Test performance of various CCA verbs.
Source files: