So, the discussion about ICSF is not meaningful - ICSF runs on z/OS, and you're not using z/OS in this case.
In general, the choice between CPACF and CEX is fairly straightforward.

- If the function(s) you need can be done with CPACF, then use CPACF. It is faster than CEX for everything it does, but it can only do a small number of things.
- If you need "secure keys" - keys that are protected by hardware that cannot be subverted, even by the highest-technology methods - then use CEX. (But if you need a lower level of security, consider CPACF Protected Key mode.)
- If you need the functions that are available only on CEX, then use CEX. Some typical examples are public-key cryptography (CPACF only does symmetric key crypto and hashing) and the wide array of specialized functions required in banking and payment card systems.

Sometimes, this means using both CEX and CPACF. SSL/TLS is a good example - this is typically done by using CEX for the public-key operations involved in setting up the session, then using CPACF for the symmetric-key operations used to encrypt/decrypt the session traffic. Often, the SSL/TLS software is designed to do this automatically.
