

Integrated Cryptographic Services

The IBM high-powered cryptographic coprocessor allows z/OS applications to exploit cryptography. The z/OS Security Server provides APIs to invoke these cryptographic services (ICSF). This service provides various functions for managing keys. These services combine to manage public keys.

CA Top Secret provides the following resource classes to allow ICSF to be secured and audited:

CSFKEYS

This class secures encryption keys. The value that is owned and permitted is the key label. The key label is in the CKDS or PKDS when a key is defined.

If CSFKEYS is defined to support masking and you want to allow ALL access, use CSFKEYS(**). This allows the correct entity to be picked up. If this is not done and an audit record is cut, the resource name is blank.

CSFSERV

This class secures the various cryptographic services needed to encrypt data and manage keys. For information, see the Integrated Cryptographic Service Facility: Administrator’s Guide.

Note: If the certificate’s private key resides in an ICSF storage facility and a format of PKCS12DER or PKCS12B64 is specified in the TSS EXPORT command, the command is rejected.

To use ICSF, you must have cryptographic hardware installed and enabled on your system. ICSF is the interface to the cryptographic hardware on z/OS.