Secure Sockets APIs

Secure sockets consists of the following APIs:

• IBM^® i Global Secure Toolkit (GSKit) APIs
  
  
• IBM i SSL_ APIs
  
  
• Open SSL APIs

The IBM i Global Secure Toolkit (GSKit) and IBM i SSL_ application programming interfaces (APIs) are a set of functions that, when used with the IBM i sockets APIs, are designed to enable and facilitate secure communications between processes on a network. The GSK Secure Toolkit (GSKit) APIs are the preferred set of APIs to be used to securely enable an application using Secure Sockets Layer/Transport Layer Security (SSL/TLS). The SSL_ APIs also can be used to enable an application to use the SSL/TLS Protocol.

SSL provides communications privacy over an open communications network (that is, the Internet). The protocol allows client/server applications to communicate to prevent eavesdropping, tampering, and message forgery. The SSL protocol connection security has three basic properties:

• The connection is private. Encryption using secret keys is used to encrypt and decrypt the data. The secret keys are generated on a per SSL session basis using an SSL handshake protocol. An SSL handshake is a series of protocol packets sent in a particular sequence, which use asymmetric cryptography to establish an SSL session. Symmetric cryptography is used for application data encryption and decryption.
  
  
• The peer's identity can be authenticated using asymmetric, or public key cryptography.
  
  
• The connection is reliable. Message transport includes a message integrity check using a keyed Message Authentication Code (MAC). Secure hash functions are used for MAC computations.

When creating ILE programs or service programs that use the IBM i GSKit or SSL_ APIs, you do not need to explicitly bind to the secure sockets service program QSYS/QSOSSLSR because it is part of the system binding directory.

The GSKit and SSL_ API documentation describes the GSKit and SSL_ APIs only. This documentation does not include any information about how to configure or obtain any of the cryptographic objects, such as a key ring file or certificate, that are required to fully enable an application for SSL. Some cryptographic objects, such as certificate store files, are required parameters for GSKit and SSL_ APIs. information about how to configure the cryptographic objects required for the IBM i secure socket APIs, or how to configure a secure web server, which also uses the secure socket APIs, can be found using the following references:

• IBM HTTP Server for i
  
  
• Secure Sockets Layer in the information center Security category (SSL prerequisites discusses what you must install and configure before using secure sockets.)
  
  
• Cryptography

For background information about GSKit and SSL_ APIs, see:

• Secure sockets in the Socket programming topic collection

---

[ Back to top | UNIX-Type APIs | APIs by category ]