z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Usage Notes

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

With a PCIXCC, CEX2C, or CEX3C, you can write NOCV keys to the CKDS without being in supervisor state.

Secure AES tokens in the CKDS can only be overwritten by a secure AES token encrypted under the same AES master keys. The same is true for secure DES tokens.

DES tokens cannot be overwritten by an AES token. AES tokens cannot be overwritten by a DES token.

Secure key tokens cannot be processed when the master key is not loaded.

Clear AES and DES tokens can be processed on a system without a cryptographic coprocessor or accelerator.

This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.

Table 250. CKDS record write required hardware
ServerRequired cryptographic hardwareRestrictions
IBM eServer zSeries 900None.
IBM eServer zSeries 990

IBM eServer zSeries 890

None.
IBM System z9 EC

IBM System z9 BC

None.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014