× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MI400
  3. March 2005

Crypto APIs

The following paragraph was written in response to Bruce Vining's post - 
"Attention Users of *SYSTEM state", and I would like to address it.

"One of the most effective things we have done is access the crypt 
function. We can do DES and 3DES, Industry standards for over 30 years. 
Where are those API's. Oops, you forgot them. There are in MI. Where are 
they located beside MI?  In fact IBM invented DES in 1968, I think. It is 
in the MI instructions to access, but where is the API.  It has been a 
banking industry standard for over 35 years.  Where is the API? But yes 
you have to make the operating system more secure. "

Product CR1 has been available on AS/400 since Release 1.2.  CR1 provided 
APIs for DES encrypt/decrypt/MAC, simple PIN processing, and key 
management.  This product was originally designed to be functionally 
equivalent with the Cryptographic Facilities of the IBM 4700 Finance 
Controller.  Over the years, many of our banking customers used the CR1 
APIs. 

However, industry standards have changed dramatically since CR1 was 
developed.  To meet the needs of higher security demands, for several 
years we moved our cryptographic development efforts to hardware 
encryption - first with the IBM 2620 Cryptographic Coprocessor and then 
the IBM 4758 Cryptographic Coprocessor, both of which supported a full set 
of cryptographic APIs.  In V5R1, we moved some of our effort back to 
software crypto enhancements by developing a cryptographically secure 
pseudorandom number generator with APIs, and also implementing some of the 
newer encryption algorithms and making them available through the CIPHER 
MI instruction.  In V5R2 we implemented an infrastructure within SLIC that 
would provide a common interface (within SLIC) for accessing all our 
various cryptographic providers.  And in V5R3 we then implemented a set of 
cryptographic APIs on top of that infrastructure.  These APIs provide 
encryption/decryption, authentication, and key generation, either using 
OS/400 cryptographic function or using the 2058 Cryptographic Accelerator. 
 A subset of these APIs were PTF'd back into V5R2.  In a future release 
you can expect key management APIs.  To read more about these APIs, visit 
the Info Center at 
http://publib.boulder.ibm.com/infocenter/iseries/v5r3/ic2924/info/apis/catcrypt.htm
.

Beth Hagemeister
iSeries Cryptographic Services

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.