|
The following paragraph was written in response to Bruce Vining's post - "Attention Users of *SYSTEM state", and I would like to address it. "One of the most effective things we have done is access the crypt function. We can do DES and 3DES, Industry standards for over 30 years. Where are those API's. Oops, you forgot them. There are in MI. Where are they located beside MI? In fact IBM invented DES in 1968, I think. It is in the MI instructions to access, but where is the API. It has been a banking industry standard for over 35 years. Where is the API? But yes you have to make the operating system more secure. " Product CR1 has been available on AS/400 since Release 1.2. CR1 provided APIs for DES encrypt/decrypt/MAC, simple PIN processing, and key management. This product was originally designed to be functionally equivalent with the Cryptographic Facilities of the IBM 4700 Finance Controller. Over the years, many of our banking customers used the CR1 APIs. However, industry standards have changed dramatically since CR1 was developed. To meet the needs of higher security demands, for several years we moved our cryptographic development efforts to hardware encryption - first with the IBM 2620 Cryptographic Coprocessor and then the IBM 4758 Cryptographic Coprocessor, both of which supported a full set of cryptographic APIs. In V5R1, we moved some of our effort back to software crypto enhancements by developing a cryptographically secure pseudorandom number generator with APIs, and also implementing some of the newer encryption algorithms and making them available through the CIPHER MI instruction. In V5R2 we implemented an infrastructure within SLIC that would provide a common interface (within SLIC) for accessing all our various cryptographic providers. And in V5R3 we then implemented a set of cryptographic APIs on top of that infrastructure. These APIs provide encryption/decryption, authentication, and key generation, either using OS/400 cryptographic function or using the 2058 Cryptographic Accelerator. A subset of these APIs were PTF'd back into V5R2. In a future release you can expect key management APIs. To read more about these APIs, visit the Info Center at http://publib.boulder.ibm.com/infocenter/iseries/v5r3/ic2924/info/apis/catcrypt.htm . Beth Hagemeister iSeries Cryptographic Services
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.