On i5/OS, when you use DCM to create or renew certificates, you can choose to store the key directly in the coprocessor or to use the coprocessor master key to encrypt the private key and store it in a special key store file.
On z/OS, when you use RACF(R) to create certificates, you can choose to store the key using ICSF (Integrated Cryptographic Service Facility) to obtain improved performance and more secure key storage.
On UNIX(R) and Windows(R) systems, WebSphere MQ currently provides support for the following cryptographic hardware:
Platforms:
If SSL cryptographic hardware symmetric cipher operations are enabled within WebSphere(R) MQ, the cryptography used on an SSL channel will be provided by nCipher. This card is currently supported for symmetric cipher operations using Triple DES encryption.
If SSL cryptographic hardware symmetric cipher operations are enabled within WebSphere MQ, the cryptography used on an SSL channel will be provided by Eracom Orange. This card is currently supported for symmetric cipher operations using Triple DES encryption.
On all platforms, cryptographic hardware is used at the SSL handshaking stage and at secret key reset.
On UNIX and Windows systems, WebSphere MQ support is also provided for SSL cryptographic hardware symmetric cipher operations. When using SSL cryptographic hardware symmetric cipher operations, data sent across an SSL or TLS connection is encrypted/decrypted by the cryptographic hardware product.
On the queue manager, this is switched on by setting the SSLCryptoHardware queue manager attribute appropriately (see the WebSphere MQ: Script (MQSC) Command Reference and WebSphere MQ: Programmable Command Formats and Administration Interface books). On the WMQ client, equivalent variables are provided (see the WebSphere MQ: Clients book). The default setting is off.
If this attribute is switched on, WebSphere MQ attempts to use symmetric cipher operations whether or not the cryptographic hardware product supports them for the encryption algorithm specified in the current CipherSpec. If the cryptographic hardware product does not provide this support, WebSphere MQ performs the encryption and decryption of data itself, and no error is reported, so the absence of an error does not confirm that the hardware is doing the work. If the cryptographic hardware product supports symmetric cipher operations for the encryption algorithm specified in the current CipherSpec, this function is activated and the cryptographic hardware product performs the encryption and decryption of the data sent.
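The following is an added example, not IBM code: a small Python audit helper that reads an SSLCryptoHardware value (as a `DISPLAY QMGR SSLCRYP` would return it) and reports whether symmetric cipher operations are requested. The `GSK_PKCS11=...` value format, the `SYMMETRIC_CIPHER_ON`/`SYMMETRIC_CIPHER_OFF` keywords, the function name `audit_sslcryp` and the sample values are assumptions not shown on this page; check them against the MQSC Command Reference for your release.

```python
# Added example, not IBM code. Assumed SSLCRYP value format (MQSC reference):
#   GSK_PKCS11=<driver path>;<token label>;<token password>;<symmetric cipher setting>;
ON, OFF = "SYMMETRIC_CIPHER_ON", "SYMMETRIC_CIPHER_OFF"


def audit_sslcryp(value):
    """Describe what an SSLCryptoHardware value requests, without echoing the password."""
    result = {"hardware": False, "symmetric_requested": False,
              "driver": None, "token_label": None, "findings": []}
    value = value.strip()
    if not value:
        result["findings"].append("no cryptographic hardware configured")
        return result
    name, sep, params = value.partition("=")
    if name != "GSK_PKCS11" or not sep:
        result["findings"].append("not a GSK_PKCS11 value; review manually")
        return result
    fields = params.split(";")
    if fields[-1] == "":          # drop the empty field after the trailing ';'
        fields.pop()
    if len(fields) < 3 or not all(fields[:3]):
        result["findings"].append("malformed: driver, label and password are required")
        return result
    result.update(hardware=True, driver=fields[0], token_label=fields[1])
    setting = fields[3] if len(fields) > 3 else OFF   # off is the default
    if setting not in (ON, OFF):
        result["findings"].append("unknown symmetric cipher setting: " + setting)
    elif setting == ON:
        result["symmetric_requested"] = True
        result["findings"].append(
            "symmetric offload requested; fallback to software is silent, "
            "so confirm on the device that it handles the CipherSpec")
    else:
        result["findings"].append(
            "hardware used for the SSL handshake and secret key reset only")
    result["findings"].append(
        "value embeds the token password; restrict who can display or back it up")
    return result


if __name__ == "__main__":
    # Constructed sample values, not taken from a real queue manager.
    samples = ["",
               "GSK_PKCS11=/opt/example/libpkcs11.so;mqtoken;s3cret;SYMMETRIC_CIPHER_ON;",
               "GSK_PKCS11=/opt/example/libpkcs11.so;mqtoken;s3cret;"]
    for s in samples:
        print(audit_sslcryp(s))
```

The result describes configuration only; because the fallback to software raises no error, whether the card actually performs the cipher operations has to be confirmed from the hardware product's own statistics or logs.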
In a situation of low CPU usage it is generally quicker to perform the encryption/decryption in software, rather than copying the data on to the card, encrypting/decrypting it, and copying it back to the SSL protocol software. Hardware symmetric cipher operations become more useful when the CPU usage is high.
On z/OS(R) with cryptographic hardware, support is provided for symmetric cipher operations. This means that the user's data is encrypted and decrypted by the hardware if the hardware has this capability for the CipherSpec chosen, and is configured to support data encryption and decryption.
On i5/OS, cryptographic hardware is not used for encryption and decryption of the user's data, even if the hardware has the capability of performing such encryption for the encryption algorithm specified in the current CipherSpec.