Introduction

The Linux on Z Enterprise PKCS #11 (EP11) enablement allows applications to use a PKCS #11 API to run secure key cryptographic operations on an IBM® Crypto Express adapter that is configured as an Crypto Express EP11 coprocessor. The CEX4S adapter card is the first Crypto Express adapter which can be configured as an EP11 coprocessor.

The Linux on Z EP11 enablement comprises several components that need to be installed and configured within certain locations of the EP11 stack as described in The EP11 crypto stack.

An application's request is first submitted to a PKCS #11 API, implemented by the openCryptoki library and the EP11 token. From this token, the request is propagated to the Crypto Express EP11 coprocessor. The request is then processed on this coprocessor. The resulting output is finally returned to the application across the involved interfaces.

The EP11 cryptography architecture offers a secure key infrastructure.

This introduction provides information about the standard software that is used in this implementation and about the used Crypto Express EP11 coprocessor (shortly referred to as CEX*P, which stands for any type of a Crypto Express EP11 coprocessor).