The IBM 4758 PKCS #11 Support Program used with the
IBM 4758 PCI Cryptographic Coprocessor technology implements
the RSA™ Laboratories' PKCS #11 application programming
interface (API), Version 2.01, on IBM
pSeries and IBM RS/6000® systems with AIX and on
personal computers with Windows NT®, Windows
2000, and Windows 2000 Advanced Server, .
Your applications can obtain cryptographic services via the industry-standard PKCS #11 API featuring support of DES, triple-DES (with triple-length keys), RSA and DSA, and SHA-1, MD2, and MD5 hashing services. You can employ multiple Coprocessors, each operating as an independent PKCS #11 token. Applications designed to support multiple tokens and supporting the required key-management can improve throughput and/or availability with additional Coprocessors.
The design of the IBM PCI Cryptographic Coprocessors and the PKCS #11 Support Program provide maximum security for both your RSA and DSS private keys, and for your DES keys. The Coprocessors are installed directly into your system unit without requiring external connections. The FIPS 140-1 certified Coprocessors, and the Support Program, work together to create a cryptographic base upon which to build your defenses against both external adversaries and insiders with special access to your systems.
The capabilities offered in the Support Program specifically support the needs of the Netscape Security Library so that you can provide security for the private keys and DES keys used in your application servers.
The latest latest level is 2.41 (full release) with 2.42 updates installed for the AIX, Windows NT, Windows 2000, and Windows 2000 Advanced
Server platforms.
PKCS #11 Mechanism Support
- Supports the version 2.01 PKCS #11 Cryptoki API with the following exceptions:
- C_WaitForSlotEvent
- Dual-purpose cryptographic functions
- User callback functions
- Support for the following mechanism classes:
- DES
- DES3
- RSA
- DSA
- SHA-1
- MD5
- MD2
- SSL3
- Support for multiple Coprocessors.
- Multiple PKCS #11 applications may safely access the IBM 4758 simultaneously. Calls from multiple processes and from multiple threads within a process are supported.
- Both IBM VisualAge and Microsoft tools can be used to interface your C-language application to the PKCS #11 API.
|