Since the z90crypt package does not seem to support the new instructions provided by the CPACF feature, this seems like a new niche for an enterprising third-party. A fast data encryption/decryption program that supports AES is always helpful on U.S. government computer systems, even linux under z/VM.
/Tom Kern /301-903-2211 ----- Original Message Follows ----- From: dave <[EMAIL PROTECTED]> As John mentions, enabling the CPACF (feature code 3863) on the new z9 processors just turns on the cipher instructions (KM, KMC) documented in the latest zArch PoP manual. All z9 boxes come with these instructions disabled, possibly because of export restrictions on strong cryptographic hardware, and enabling them is a no charge operation. The CAACF has nothing to do with the separate cryptographic accelerators (PCxICC, PCICC, CCF) available as optional hardware components. A paper that provides a different perspective on explaining the differences between secure key and clear key as well as pointing out that CPACF alone does not replace the z900 CCF Crypto processors can be found here: http://www-1.ibm.com/support/docview.wss?uid=tss1td101704&aid=1 The KM and KMC instructions enabled by the CPACF feature provide hardware support for DES, TDES and AES encryption operations, in both ECB and CBC modes. DJ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
