Cryptographic Services APIs
The cryptographic services APIs can help you ensure the following:
- Privacy of data
- Integrity of data
- Authentication of communicating parties
- Nonrepudiation of messages
For general information about cryptography, see Cryptography concepts.
The cryptographic services APIs perform cryptographic functions within the IBM® i operating system or on the 2058 Cryptographic Accelerator, as specified by the user. For more information about hardware cryptography, see the Cryptography topic collection in the Security section. For a comparison of functions performed in the operating system and on the 2058, see IBM i and 2058 Cryptographic Function Comparison.
The cryptographic services APIs include:
- Encryption and Decryption APIs
- Authentication APIs
- Key Generation APIs
- Key Management APIs
- Pseudorandom Number Generation APIs
- Cryptographic Context APIs
The cryptographic services exit programs are:
- Clear Master Key (QIBM_QC3_CLR_MSTKEY) is called when the Clear Master Key (CLRMSTKEY) CL command, the Qc3ClearMasterKey API, or the Clear Master Key GUI dialog is being used.
- Delete Keystore Record (QIBM_QC3_DLT_KREC) is called when the Remove Keystore File Entry (RMVCKMKSFE) CL command, the Qc3DeleteKeyRecord API, or the delete action of the Keystore Contents GUI panel is being used.
- Set Master Key (QIBM_QC3_SET_MSTKEY) is called when the Set Master Key (SETMSTKEY) CL command, the Qc3SetMasterKey API, or the set action of the Manage Master Keys GUI panel is being used.
- Translate Keystore (QIBM_QC3_TRN_KSF) is called when the Translate Keystore File (TRNCKMKSF) CL command, the Qc3TranslateKeyStore API, or the Translate Keystore GUI dialog is being used.
Scenario: Key Management and File Encryption Using the Cryptographic Services APIs provides some sample designs and example programs.
In V6R1, IBM dropped support for Licensed Product 5722-CR1. Migrating from 57xx-CR1 provides information on migrating your CR1 applications to the cryptographic services APIs.
The educational white paper Protecting i5/OS data with encryption provides information on encrypting data at rest (primarily, the data stored in IBM DB2® tables and physical files). Recommended practices for key management are also discussed.