Remote crypto plug-in

The remote crypto plug-in in the z/OS® LDAP server provides access to a PKCS #11 or CCA services implementation for client applications that do not have local access to one. PKCS #11 is one of the cryptographic standards of Public Key Cryptographic Standards (PKCS) that define a platform independent API to cryptographic tokens. The PKCS #11 standard defines the types of cryptographic tokens and how to use, create, and delete tokens, including how to encrypt, decrypt, and hash data with those tokens. See PKCS #11: Cryptographic Token Interface Standard for more information.

The remote crypto plug-in uses ICSF (Integrated Cryptographic Security Facility) support for its PKCS #11 or CCA services implementation. This plug-in supports the RemoteCryptoPKCS#11 and RemoteCryptoCCA extended operations that allow any LDAP client application with a successfully bound and authorized user to perform any PKCS #11 or CCA services API by invoking the appropriate ICSF callable service. The RemoteCryptoPKCS#11 and RemoteCryptoCCA extended operations are generic extended operations that allow an LDAP client application to specify the same data as if invoking the ICSF callable service locally. See z/OS Cryptographic Services ICSF Application Programmer's Guide and z/OS Cryptographic Services ICSF Writing PKCS #11 Applications for more information about the ICSF callable services that support the PKCS #11 standard.

The remote crypto plug-in supports the level of ICSF shipped with z/OS version 2, release 1.