Specifications
© Copyright IBM Corp. 2009, 2013. All rights reserved. 131
Chapter 13. Cryptographic adapter
A 1090 system can emulate several cryptographic adapters as CEX3C devices.
1
Each of the
CEX3C emulated adapters runs as separate Linux processes and, if sufficient base
processors are available to permit these threads to be dispatched in parallel by Linux, can run
asynchronously with the 1090 CPs. CEX3C includes the following:
DES (56, 112, 168 bits), with encryption, decryption, MAC, and key management.
PIN processing (for credit cards).
AES (128, 192, and 256 bits), with encryption, decryption, and key management.
ECC (Brainpool p-160 to p-512, Prime p-192 to p-521), including digital signatures.
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 (all for hashing).
MD5 (for hashing).
RSA (up to 4096 bits), for digital signatures, key generation, and key management.
Do not confuse a cryptographic adapter with the cryptographic instructions that are always
available with a zPDT system. These are the KM, KMC, KIMD, KLMD, and KMAC instructions
that provide a number of fundamental cryptographic operations. Also, note that the terms
cryptographic adapter and cryptographic coprocessor are used synonymously in this
document.
The cryptographic instructions may be coded directly in a program or used through ICSF
programming interfaces. For practical purposes, the cryptographic coprocessor facilities are
available only through ICSF programming interfaces.
TKE systems, which are personal computers with unique software and an appropriate
cryptographic adapter, are not used with zPDT.
13
1
Previous zPDT releases emulated CEX2C devices.