Search Tips   |   Advanced Search



Getting started with the cryptographic hardware for SSL (Distributed systems)

The IBM 4758 and other cryptographic devices require the PKCS11 support software for the host machine and internal firmware.

You will need the manual that explains software installation and cryptographic coprocessor microcode loading.

The support software and manual do not come with the IBM 4758 card, but you can download them from http://www.ibm.com/security/cryptocards/index.shtml. From the download site, obtain the PKCS#11 Model 002/023 software and the PKCS#11 installation manual.

  1. After installing the support software on your machine and loading the microcode on the cryptographic device, initialize the card.

  2. Configure IHS to pass the module for the PKCS11 device, the token label, the key label of the key created by the PKCS11 device, and the user PIN password of the token to the GSKit for access to the key for the PKCS11 device by modifying the configuration file. The PKCS11 module differs for each platform and PKCS11 device.

    AIX: For the IBM hardware cryptographic devices (for example, IBM 4758 card and IBM e-business Cryptographic Accelerator) the PKCS11 module ships with the bos.pkcs11 package.

  3. Install the devices.pci.14109f00 device for the IBM 4758 and the devices.pci.1410e601 device for the IBM e-business Cryptographic Accelerator.

    For the IBM 4758 on Windows, the PKCS11 module comes with the PKCS11 software available for download from: http://www.ibm.com/security/cryptocards/ordersoftware.shtml. For nCipher, the PKCS11 module ships with nCipher software and is located in the $NFAST_HOME/toolkits/pkcs11 The default locations of the PKCS11 modules for each PKCS11 device follow:

    • nCipher:

      • AIX: Linux: Solaris: /opt/nfast/toolkits/pkcs11/libcknfast.so

      • HP-UX: /opt/nfast/toolkits/pkcs11/libcknfast.sl

      • Windows: C:\nfast\toolkits\pkcs11\cknfast.dll
    • IBM 4758:

      • AIX: /usr/lib/pkcs11/PKCS11_API.so

      • Windows: $PKCS11_HOME\bin\nt\cryptoki.dll

    • IBM e-business Cryptographic Accelerator:

      • AIX: /usr/lib/pkcs11/PKCS11_API.so



Cryptographic hardware for SSL

AIX: Initializing IBM 4758 and IBM e-business Cryptographic Accelerator on AIX systems

Windows: Initializing IBM 4758 Cryptographic Accelerator on Windows systems

Using ikeyman to store keys on a PKCS11 device

Configuring IHS to use nCipher and Rainbow accelerator devices and PKCS11 devices