Chapter 1. Introducing Cryptography and ICSF
Total Page:16
File Type:pdf, Size:1020Kb
z/OS Version 2 Release 3 Cryptographic Services Integrated Cryptographic Service Facility Overview IBM SC14-7505-06 Note Before using this information and the product it supports, read the information in “Notices” on page 83. This edition applies to ICSF FMID HCR77C0 and Version 2 Release 3 of z/OS (5650-ZOS) and to all subsequent releases and modifications until otherwise indicated in new editions. Last updated: 2019-06-24 © Copyright International Business Machines Corporation 1996, 2019. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Figures................................................................................................................ vii Tables.................................................................................................................. ix About this information.......................................................................................... xi ICSF features............................................................................................................................................... xi Who should use this information................................................................................................................ xi How to use this information........................................................................................................................ xi Where to find more information.................................................................................................................xii The ICSF library.....................................................................................................................................xii Related publications............................................................................................................................ xiii Information on other IBM cryptographic products.............................................................................xiii IBM Crypto Education.......................................................................................................................... xiii How to send your comments to IBM......................................................................xv If you have a technical problem.................................................................................................................xv Summary of changes..........................................................................................xvii Changes made in Cryptographic Support for z/OS V2R1 - z/OS V2R2 (FMID HCR77C0)...................... xvii Changes made in Cryptographic Support for z/OS V1R13 - z/OS V2R2 (FMID HCR77B1)....................xvii Changes made in Enhanced Cryptographic Support for z/OS V1R13 - z/OS V2R1 (FMID HCR77B0)..xviii Changes made in Cryptographic Support for z/OS V1R13-V2R1 (FMID HCR77A1) as updated June 2014......................................................................................................................................................xix Chapter 1. Introducing cryptography and ICSF....................................................... 1 What is cryptography?................................................................................................................................. 1 The basic elements of a cryptographic system..................................................................................... 1 How does ICSF support cryptography?.......................................................................................................4 How does ICSF extend the uses of cryptography?..................................................................................... 4 Key generation and distribution............................................................................................................. 5 Personal Identification Numbers (PINs)................................................................................................5 Message Authentication Codes (MACs)................................................................................................. 5 Hashing algorithms.................................................................................................................................6 Digital signatures....................................................................................................................................6 Payment card verification values........................................................................................................... 7 Translation of data and PINs in networks..............................................................................................7 SET Secure Electronic Transaction ....................................................................................................... 7 Secure Sockets Layer (SSL)....................................................................................................................8 EMV integrated circuit card specifications............................................................................................ 8 ATM remote key loading......................................................................................................................... 9 Public Key Cryptography Standard #11 (PKCS #11)............................................................................ 9 DK AES PIN support............................................................................................................................... 9 Chapter 2. Solving your business needs with ICSF................................................ 11 Keeping your data private..........................................................................................................................11 Transporting data securely across a network........................................................................................... 11 Supporting the Internet Secure Sockets Layer protocol.....................................................................13 Transacting commerce on the Internet.....................................................................................................13 Exchanging keys safely between networks...............................................................................................13 iii Exchanging symmetric keys using callable services...........................................................................13 Exchanging DES or AES data-encrypting keys using an RSA key scheme..........................................14 Creating DES or AES Keys using an ECC Diffie-Hellman key scheme ................................................ 15 Exchanging keys and their attributes with non-CCA systems.............................................................15 Managing master keys using a Trusted Key Entry workstation................................................................ 15 Integrity and Privacy............................................................................................................................ 15 Using Personal Identification Numbers (PINs) for personal authentication........................................... 16 Verifying data integrity and authenticity................................................................................................... 16 Using Message Authentication Codes................................................................................................. 17 Generating and verifying digital signatures......................................................................................... 17 Using modification detection codes and message hashing................................................................ 17 Verifying payment card data................................................................................................................ 18 Maintaining continuous operations........................................................................................................... 18 Reducing costs by improving productivity................................................................................................ 19 Improving cryptographic performance..................................................................................................... 19 Using RMF and SMF to monitor z/OS ICSF events.............................................................................. 19 Improving performance in a CICS environment..................................................................................20 Customizing ICSF to meet your installation's needs................................................................................ 20 Using ICSF exits to meet special needs...............................................................................................20 Creating installation-defined callable services................................................................................... 21 Using options to tailor ICSF................................................................................................................. 21 Isolating and protecting PR/SM partitions................................................................................................21 Enabling growth......................................................................................................................................... 21 Protecting your investment......................................................................................................................