On Fri, 20 Sep 2013 07:48:23 -0500, Todd Arnold <[email protected]> wrote:
>Let me add my comments on some of this discussion. > >One post said "It may be ... that the recently announced "protected" clear >keys can be used without a coprocessor, increasing the security level even for >clear keys." This is not correct - in order to use the protected keys, you >MUST also have a CEX coprocessor. This is because the protection of those >keys is actually done through use of the CEX, while the encryption itself is >done in the CPACF. >, Hi Todd, Are you saying that the Redbook SG24-7848-00 System z Crypto andTKE Update is just plain wrong ? 3.5.2 Method 2: Using ICSF clear keys as protected keys This method of using protected keys does not involve the use of a Crypto Express3. However, it relies on the provision of a clear key, which is then converted to a protected key using a new CPACF machine instruction, PCKMO. Doug ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
