Today I will take a look at some of the Cryptographic Services APIs and Exit Points that were introduced with release 6.1. In previous articles I have been covering the Cryptographic Services APIs up to and including release 5.4. With release 6.1, IBM continued enhancing and adding new APIs to the cryptographic API sets in continuation of the significant changes included with each release since the first limited supply of cryptographic APIs were PTF’ed to release 5.2 back in 2003. As such, I decided to continue my coverage of this current and interesting topic. Based on the 6.1 changes, I’ve updated a number of previously published key management CL commands and also included a new CL command displaying a key store file’s attributes.
Cryptographic key management has been the focus area of the most recent updates and enhancements added to the cryptographic APIs. In extension to the Key Management API offering, IBM has also introduced Key Management CL commands, as well as corresponding System i Navigator facilities. Given this variety of key management maintenance interfaces, IBM also added also added four new exit points with release 6.1, letting you control access to critical maintenance activities beyond the levels enabled by user profile, special authority, and resource authority. I have included a couple of exit program examples with this article for you to use as a starting point in case you decide to take advantage of these new exit points.
In a couple of APIs by Example articles following the release 5.4 key management API additions, I presented four master key CL commands based on functionally corresponding APIs. While IBM with release 6.1 not only added two new system master keys for ASP and Save/Restore encryption purposes, respectively, but also had the courtesy of adding master key CL commands, although named differently, but otherwise similar to my earlier contribution in this area, I however still decided to update my master key commands to reflect the new system master key enhancements.