Jun 8 ’11

Linux for System z Crypto Breaks New Ground

by Peter Spera in z/Journal

Thanks to client involvement, the secure key and protected key cryptography on System z continue to expand to meet the needs of the most sophisticated applications.

Customers around the globe have helped guide the future of cryptography for System z. Customer Crypto Councils have become a regular forum for IBM to share information about cryptographic offerings while helping discover and respond to client pain points, individual requirements, regulatory hurdles, and future needs. Crypto Councils in Europe and the Americas have brought together IBM and numerous clients to evaluate what’s available today and what’s needed tomorrow.

This customer-driven approach is working and producing clear results; it’s guiding the future of the host library for Linux on System z, Integrated Cryptographic Service Facility (ICSF) for z/OS, and crypto hardware.

This article explores the list of new cryptographic functions available to applications deployed on Linux on System z; it’s an update to the article, “The New Frontier for Cryptography on Linux on System z,” which appeared in the October/November 2010 issue of z/Journal (www.mainframezone.com/it-management/the-new-frontier-for-cryptography-on-linux-on-system-z). It also highlights the new functionality available to applications that depend on either secure key or protected key cryptographic solutions. (The clear key cryptographic support that’s already available to Linux on System z isn’t addressed here.)

What’s New for Secure Key

The third release of IBM’s Common Cryptographic Architecture (CCA) host library, formally known as the IBM CEX3C Common Cryptographic Architecture Support Program for Linux on System z 4.1.0, is available for download. This host library is commonly known as CCA 4.1. For compatibility, this new host library can be used in place of its predecessors, along with the necessary CryptoExpress2 or CryptoExpress3 PCI card, to provide the same functionality these cards previously provided. It’s the combination of the CCA host library and the crypto card, when configured in co-processor mode, that enables applications to solve complex cryptographic problems. This article examines the new host library with the latest CryptoExpress3 card and expands on the four primary areas affected:

For more on what’s new for Linux for System z in the 4.1.0 release of the CCA host library, see the latest version of the Secure Key Solution with the Common Cryptographic Architecture Application Programmer’s Guide (SC33-8294-02). You can access this book by selecting the Library tab at www.ibm.com/security/cryptocards/pciecc/overview.shtml. Here’s a brief description of the new functions and features available to both C and Java programs:

Enhanced PIN security mode: This was added to help block PIN attacks. This new support is needed to implement restrictions required by the ANSI X9.8 PIN standard to help block attacks that might come, for example, from rogue Automated Teller Machine (ATM) transactions. It’s important to protect these kinds of transactions from well-documented attacks. The first step to enforcing these restrictions and thwarting such attacks is to enable three new access control points:

 

These new access control points affect the Clear PIN Generate Alternate (CSNBCPA), Encrypted PIN Translate (CSNBPTR), and Secure Messaging for PINs (CSNBSPN) verbs.

CCA key wrapping using a new Cipher-Block Chaining (CBC) mode: Previously, Electronic Code Book (ECB) mode wrapping was the norm. Enhanced key wrapping via the more secure CBC mode helps applications comply with current cryptographic standards that require key bundling. Both ECB and CBC mode key wrapping can coexist, letting existing applications expand to use the new CBC mode without sacrificing legacy data.

ECC support: As algorithms age and computing power increases, it’s necessary to keep re-evaluating the current state of cryptography and the security of cryptographic algorithms. It is clear there soon will be a need for Elliptic Curve Cryptography (ECC). This support begins with the ability to perform key generation and digital signature generation and verification using the Elliptic Curve Digital Signature Algorithm (ECDSA). Digital signatures are commonly used to verify that a piece of data wasn’t changed between the time it was signed and the time it was used. Financial institutions do this to ensure a banking transaction initiated by a known customer wasn’t tampered with and can be trusted. Ensuring that a customer has chosen to transfer $10 as opposed to $10,000 is critical to the financial institution’s reputation. The addition of this new algorithm also requires a new Public Key Algorithm (PKA) key token for storing ECC public and private keys, and a new Asymmetric PKA (APKA) master key, a 32-byte key that complies with the Advanced Encryption Standard (AES), for wrapping an ECC key token. Extended support was also needed for the Master Key Process (CSNBMKP) verb.

HMAC expansion: With CCA 4.1, these verbs were added to enhance key generation and processing:

The Future With ECC

The ECC algorithm is a public key cryptographic approach similar in use to the RSA algorithm. (RSA stands for Rivest, Shamir and Adleman, who first publicly described it.) This new approach uses the algebraic structure of elliptic curves over finite fields. Several protocols were adapted to use elliptic curves, and in this release of the CCA host library, the ECDSA was implemented and can be used for digital signature solutions. From the list of curves available, IBM chose to support the Brainpool and Prime curves.

ECC has been gaining momentum recently and has been recognized internationally by financial institutions as the follow-on to the currently pervasive RSA algorithm. These organizations have been marching toward a timeline when all public key solutions must be switched over to ECC. This process will take years, so it was important that the ECC capability was provided in a timely fashion to ensure a smooth, seamless transition. In the U.S., the National Security Agency (NSA) developed Suite B, which is a group of algorithms they deem worthy to protect our national secrets. Suite B mandates ECC for digital signature generation and key exchange. With that in mind, it’s time to start thinking about ECC and develop a plan for exploiting this new algorithm with new applications. Depending on a client’s security policy or the security requirements for their data and/or process, the client should give consideration to migrating current solutions from their existing RSA implementation to use ECC.

Conclusion

The CCA host library provides several exciting new enhancements. Whether the requirement is for support of sophisticated ECC, extensions to HMAC, or the new CBC mode key wrapping, options are now available to new or existing applications deployed on Linux on System z. With this new support, the host library available to Linux on System z takes another step closer to supporting the robust set of functions available to z/OS applications via ICSF.

The CCA host library can be located by selecting the Software Downloads tab at www.ibm.com/security/cryptocards/pciecc/overview.shtml. There’s no charge for the CCA host library for Linux on System z. The documentation mentioned is an in-depth source of information for getting started and creating both C and Java-based applications to meet the demanding cryptographic needs of today’s secure key solutions.