6947ch05.fm Draft Document for Review April 7, 2004 6:15 pm
120 IBM eServer zSeries 990 Technical Guide
5.1 Cryptographic function support
The z990 includes both standard cryptographic hardware and optional cryptographic
features, to give flexibility and growth capability. IBM has a long history of providing hardware
cryptographic solutions, from the development of the Data Encryption Standard (DES) in the
1970s to delivering the only integrated cryptographic hardware in a server to achieve the US
Government's highest FIPS 140-2 Level 4 rating for secure cryptographic hardware.
The z990 cryptographic functions include the full range of cryptographic operations needed
for e-business, e-commerce, and financial institution applications. In addition, custom
cryptographic functions can be added to the set of functions that the z990 offers.
Today, e-business applications are increasingly relying on cryptographic techniques to
provide the confidentiality and authentication required in this environment. Secure Sockets
Layer (SSL) technology is a key technology for conducting secure e-commerce using Web
servers, and it is in use by a rapidly increasing number of e-business applications, demanding
new levels of security and performance.
5.1.1 Cryptographic Synchronous functions
For clear key functions only, the hardware includes implementation of the following:
Data encryption/decryption algorithms
  – Data Encryption Standard (DES)
    • Double length-key DES
    • Triple length-key DES (TDES)
Hashing algorithms: SHA-1
Message authentication code (MAC):
  – single-key MAC
  – double-key MAC
5.1.2 Cryptographic Asynchronous functions
For secured key functions, Cryptographic Asynchronous functions process messages that are
passed to them.
Data encryption/decryption algorithms
  – Data Encryption Standard (DES)
  – Double length-key DES
  – Triple length-key DES
DES key generation and distribution
PIN generation, verification and translation functions
Pseudo Random Number (PRN) Generator
Public Key Algorithm (PKA) Facility
These commands are intended for application programs using public key algorithms,
including:
  – Importing RSA public-private key pairs in clear and encrypted forms.
  – Rivest-Shamir-Adleman (RSA)
    • Key generation, up to 2048-bit.
    • Signature Verification, up to 2048-bit.