
CCA Release 2.54 Revision History
can create an application to to clone keys having any of the CSS, CSR, and
SA keys longer than 1024-bits. See “Establishing Master Keys” on page 2-13.
The PKA_Key_Token_Change verb now returns return code 0 and reason code
0 if you request to update a key token that contains only a public key. A key
token containing only a public key is legitimate, but the
PKA_Key_Token_Change verb will have no effect on such a key token. The
verb used to return reason code 8 if the token only contained public-key
The command names listed in this book, in the IBM 4758 PCI Cryptographic
Coprocessor CCA Support Program Installation Manual, and in the
Cryptographic Node Management utility have been made the same.
The Key_Token_Change and DES_Key_Record_Create verbs now work
correctly with master keys having 3 unique parts (the CCA master keys are
triple length).
The diagnostic trace facility has been removed from the “SECY”
DLL/shared-library. If tracing is required in the future for diagnostic purposes,
IBM can supply tracing code upon customer agreement to install such code.
Seventh Edition, CCA Support Program, Release 2.40
The seventh edition of the IBM 4758 CCA Basic Services Reference and Guide
Version 2.40 for the IBM 4758 Models 002 and 023 technology and describes the
Common Cryptographic Architecture (CCA) application programming interface (API)
that is supported by the CCA Support Program, Release 2.40, for the IBM PCI
Cryptographic Coprocessor technology.
Important changes and extensions to material previously published in the Basic
Services manual:
Release 2.40.
The major items changed, extended, or added in Release 2.40 include:
“Overlapped Processing” on page 1-7 describes restrictions on the number of
concurrent calls to the CCA API. This is a publication-only change to describe
the existing implementation.
The timer function incorporated in the CP/Q++ control program employed by
the CCA implementation is upgraded to keep proper time to the accuracy of the
Coprocessor's electronics.
Various performance enhancements have been incorporated in both the
CP/Q++ control program and CCA code resulting in up to a 30% throughput
change (especially for the PIN verbs).
The IBM 4758 Coprocessor technology has always generated RSA CRT keys
with the key-components p>q. Beginning with Release 2.40, imported keys
having q>p will also be usable, but with a significant performance penalty since
the inverse of U is calculated each time such a key is encountered.
ANSI X9.24 Unique-Key-Per-Transaction support is added including the UKPT
control vector bit on KEYGENKY key types and extensions to the
Encrypted_PIN_Translate and Encrypted_PIN_Verify verbs. Also, a number of
editorial changes are incorporated in Chapter 8, “Financial Services Support
About This Publication xix