IBM CEX6S / 4768 library
Product documentation for the IBM 4768 is available in PDF format. To view a PDF document, you need the Adobe® (Adobe Systems Incorporated) Reader®. If you don't have the Reader installed, you can download a complimentary copy from Adobe (link resides outside of ibm.com).
IBM 4768 availability
IBM Z mainframe. The IBM 4768 is available as feature code (FC) 0893 (Crypto Express6S, or CEX6S) on IBM Z mainframes (z14® only), either on z/OS® or Linux® on z Systems® operating systems.
On Linux on IBM Z, IBM offers a CCA API for the CEX6S and a PKCS #11 (EP11) API to the user.
Publications for these installations are discussed below.
HSM CEX6S general documentation
These manuals apply to the IBM CEX6S Cryptographic Coprocessor.
IBM 4768 Data Sheet (PDF, 262 KB)
IBM CEX6S Operational Management Manual (PDF, 1,9 MB)
IBM Systems Environmental Notices and User Guide, Z125-5823
IBM Systems Safety Notices, G229-9054
IBM Statement of Limited Warranty, Z125-4753
IBM License Agreement for Machine Code (Contains Form Z125-5468-06)
IBM License Agreement for Machine Code Addendum for Cryptography (Contains Form Z125-8448)
CEX6S CCA
The Secure Key Solution manual describes the capabilities of the security application programming interface (API) provided with the CCA Support Program.
Manuals by platform
| Platform | Manual |
|---|---|
| Linux on IBM Z | IBM Secure Key Solution with the Common Cryptographic Architecture Application Programmer's Guide (PDF, 7 MB) |
Independent review of IBM custom key block formats
IBM CCA introduced the first proprietary TDES key block (also known as a key token) to be independently reviewed and confirmed to be compliant with Payment Card Industry (PCI) Security Standard Council (SSC) PIN Security key block requirements from September 2020.
The independent review report is publicly available as required by PCI SSC PIN requirement 18-3. It is posted on the IBM CryptoCards public download site (PDF, 1.1 MB).
For additional information, please see the May 6, 2021 news item on our News page.
CEX6S Enterprise PKCS #11 (EP11)
The EP11 manuals, which describe the library structure and capabilities of the cryptographic API provided with the EP11 Library for Linux on Z, as well as other details, are available on the IBM EP11 download site.
Note: to access this site, you must obtain and log in with an IBMid. This process is quick and easy. Instructions are on the download site.
Related products
The IBM CPACF Enablement crypto feature
The IBM Central Processor Assist for Cryptographic Functions (CPACF) feature, IBM Z feature code 3863, provides hardware acceleration for 290-960 MB/sec bulk encryption rate, AES (128, 192, 256 bit), DES (DEA, TDEA2, TDEA3), SHA-1 (160 bit), and SHA-2 (224, 256, 384, 512 bit).
The IBM Cryptographic Coprocessor Facility (CCF)
The Cryptographic Coprocessor Facility (CCF) is an optional hardware feature that provides high-performance cryptographic capabilities for z/VM®, including DES, Triple-DES, RSA, and various finance-industry-specific cryptographic services. IBM zSeries servers, except the zSeries 990, offer the CCF feature.