IBM CEX7S / 4769 library

Product documentation for the IBM CEX7S / 4769 Cryptographic Coprocessor is available in PDF format. To view a PDF document, you need the Adobe® (Adobe Systems Incorporated) Reader®. If you don't have the Reader installed, you can download a complimentary copy from Adobe (link resides outside of ibm.com).


Available on multiple platforms

IBM Z mainframe. The CEX7S / 4769 is available as feature code (FC) 0898 / 0899 (Crypto Express7S, or CEX7S) on IBM Z mainframes (z15® only), either on z/OS® or Linux® on IBM Z® operating systems.

On Linux on IBM Z, IBM offers a CCA API for the CEX7S and a PKCS #11 (EP11) API to the user.

x64 servers. The 4769 is available as machine type-model 4769-001 on x64 servers on Red Hat® Enterprise Linux® (RHEL) 64-bit operating systems. IBM offers a Common Cryptographic Architecture (CCA) Support Program for the IBM 4769 at no charge to the user.
 

IBM PCIe Cryptographic Coprocessor Version 4

CCA Support Program

For Linux on IBM Z, the IBM Secure Key Solution with the Common Cryptographic Architecture Application Programmer's Guide describes the capabilities of the security application programming interface (API) provided with the CCA Support Program.

For x64 servers, the CCA manuals describe:

  • how to install and use CCA and its tools and utilities,
  • the capabilities of the security application programming interface (API) provided with the CCA Support Program, and
  • how to use the Crypto Hardware Installation and Maintenance (CHIM) program on the workstation

For x64 installations, these manuals are available on the IBM CCA download site. This site also has the IBM Operational Management Manual for CEX7.

Note: To access this site, you must obtain and log in with an IBMid. This process is quick and easy. Instructions are on the download site.


Enterprise PKCS #11 (EP11)

The EP11 manuals, which describe the library structure and capabilities of the cryptographic API provided with the EP11 Library for Linux on Z, as well as other details, are available on the IBM EP11 download site.

Note: To access this site, you must obtain and log in with an IBMid. This process is quick and easy. Instructions are on the download site.


Related products

The IBM CPACF Enablement crypto feature

The IBM Central Processor Assist for Cryptographic Functions (CPACF) feature, IBM Z feature code 3863, provides hardware acceleration for 290-960 MB/sec bulk encryption rate, AES (128, 192, 256 bit), DES (DEA, TDEA2, TDEA3), SHA-1 (160 bit), and SHA-2 (224, 256, 384, 512 bit).

The IBM Cryptographic Coprocessor Facility (CCF)

The Cryptographic Coprocessor Facility (CCF) is an optional hardware feature that provides high-performance cryptographic capabilities for z/VM®, including DES, Triple-DES, RSA, and various finance-industry-specific cryptographic services. IBM zSeries servers, except the zSeries 990, offer the CCF feature.


Standards and technology