OT: I would disagree that ICSF is the "overall better choice".  IMHO, if you do 
not need unique Crypto Express co-processor functions or completely and totally 
secure keys then ICSF is just wasted overhead compared to using the native 
CPACF instructions.

I have measured the difference between using native CPACF and the ICSF 
equivalents for "clear key" computations and it is many, many orders of 
magnitude slower to use ICSF.  That is unacceptable.


-----Original Message-----
From: IBM Mainframe Assembler List [mailto:ASSEMBLER-LIST@LISTSERV.UGA.EDU] On 
Behalf Of Tony Harminc
Sent: Thursday, August 10, 2017 3:36 PM
Subject: KMx vs PCC crypto instructions

The KM[x] (Cipher Message[with xxx]) set of crypto instructions seems to do the 
same things as PCC (Perform Cryptographic Computation). I haven't checked every 
option in excruciating detail, but for the common ones (DES, 3DES, AES) there 
is at least a lot of overlap.

For new code, what should I choose, and why? Both seem to support encrypted 
keys, so that isn't the differentiator.

For old code, where I have (say) a DES routine in software that I would like to 
replace, are the criteria different?

(Of course I am aware that perhaps calls to ICSF are the overall better choice, 
but I would still like to understand the reasons for the existence of these two 
sets of instructions.)

Thanks... Tony H.


This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.

Reply via email to