Common problems:
- Not specifying the correct name for the JCE provider in
the java.security file. The provider name is
com.ibm.crypto.hdwrCCA.provider.IBMJCE4758 and must come after the SUN(TM)
provider in the list.
- Having the wrong policy file set in the lib/ext
directory.
- Having the ibmjca4758.jar file in the lib/ext directory or
in the classpath.
- The sample file SampleX.509Verification.java fails to
verify a signature in the DSA based certificate. This will be resolved in
JAVA PTF SR12.
- The Keys used/created by JCE4758 are not CLEAR keys, but a
hardware token and therefore can NOT be used by other providers.
- The keystores are hardware based and therefore can not be
moved from machine to machine.
Related information
Sample code can be found
at:
http://www-1.ibm.com/servers/eserver/zseries/software/java/j2pcont.html
- JSSE (Secure sockets function)
Sample code: $JAVA_HOME/demo/jsse
- JAAS (User authentication and security)
Sample code: $JAVA_HOME/demo/jaas/samples390.jar
- JCE (Cryptography function)
Sample code: demo/jce/src
IBMJCE4758 extends JCE to seamlessly add the
capability to use hardware cryptography via the IBM Common Cryptographic
Architecture (CCA) interfaces.
Sample code:
demo/jce/src
Software Prerequisites:
- OS/390 V2R9 level or higher, with at least one CCF
- IBM4758 PCI card
- ICSF (Integrated Cryptographic Service Facility) must be
up and running.
|