First: I assume you already have crypto cards. So keep it! It does cost close to nothing (you already bought it).
Regarding TLS - yes, it is possible to use TLS without CryptoExpress. Your certificate will be kept in RACF db. Including private key. Is it acceptable? Well... For internal use you can decide it is OK. However it is something like password on yellow sticky card under the keyboard. ;-)
-- Radoslaw Skorupka Lodz, Poland W dniu 28.10.2022 o 18:58, Frank Swarbrick pisze:
We are pushing our "host security module" processing off our mainframe back to our card issuer processor, and I have a couple of questions. If we use ICSF just for TLS and the like, does this still require the DES and RSA keys to be loaded? We already don't have AES or ECC master keys, so I am thinking we wouldn't need DES or RSA keys either. But someone who should know seems to think we still need master keys, even if we're not using it as a crypto coprocessor. Other question is, can TLS encryption processes that use ICSF services work at all if there is no crypto card at all? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
