This IBM Redbooks publication is designed to help you understand and implement the z/OS Cryptographic PCICC and PCICA cards. Although this book focuses on the enablement of the z/OS PCICC and PCICA products, cryptography and the available services on z/OS are also discussed and explained, with special attention given to the new Trusted Key Entry (TKE 3.1) workstation.

In addition, we look at how Linux for zSeries supports the exploitation of the PCICC and PCICA cryptographic coprocessors by using a generic device driver called z90crypt, which routes the cryptographic work to the PCICC or PCICA cards.

We also describe UDX, which is the facility offered by the S/390 and zSeries PCICC, when running under control of ICSF, to enable users to design and implement their own cryptographic services to be executed in the PCICC itself. This provides maximum flexibility to the PCICC user, along with all the protection that the card can offer.

Ch 1 Introduction

Ch 2 PCICC and PCICA product overview

Ch 3 Planning and hardware installation

Ch 4 Installation, configuration and startup of ICSF

Ch 5 Customizing PCICC and CCF using TKE V3.1

Ch 6 Support functions

Ch 7 Linux for zSeries support of cryptographic coprocessors

App. A PCICC User Defined Extensions (UDX)

App B Callable services access control points

App. C Exploitation of the cryptographic coprocessors

App.D TKE host TCP/IP server setup