z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Usage Notes

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

SAF may be invoked to verify the caller is authorized to use this callable service, the key label, or internal secure key tokens that are stored in the CKDS or PKDS.

The Prohibit Export access control point controls the function of this service.

This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.

Table 78. Prohibit export required hardware
ServerRequired cryptographic hardwareRestrictions
IBM eServer zSeries 900PCI Cryptographic CoprocessorOn a PCI Cryptographic Coprocessor, the Prohibit Export service does not support NOCV key-encrypting keys, or DATA, DATAM, DATAMV, MAC, or MACVER keys with standard control vectors (for example, control vectors supported by the Cryptographic Coprocessor Feature).
IBM eServer zSeries 990

IBM eServer zSeries 890

PCI X Cryptographic Coprocessor

Crypto Express2 Coprocessor

DATA keys are not supported. Old, internal DATAM and DATAMV keys are not supported.
IBM System z9 EC

IBM System z9 BC

Crypto Express2 CoprocessorDATA keys are not supported. Old, internal DATAM and DATAMV keys are not supported.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014