 |
IBM PCI Cryptographic Coprocessor
|
|
|
|
Release 2.53 is available for download by all customers who use the IBM 4758 Model 002 or Model 023, or pSeries feature #4958 or #4963. Release 2.53 provides fixes for problems in Release 2.42, 2.41 and earlier Releases 2.x (when upgraded as described below). It does not provide any new CCA functions.
Release 2.53 is a full standalone package.
Release 2.53 contains three changes which were added to improve security. Also, a few minor changes were added to enhance application debugging:
- Controls were added to allow restrictions on use of regeneration data when generating RSA keys using the PKA_Key_Generate verb. To restrict use of regeneration data when generating RSA keys, two new access-control points have been added. See the “Required Commands” section for the PKA_Key_Generate verb for additional information.
- Beginning with this release, a private key with the CLONE attribute is rejected by the PKA_Symmetric_Key_Import, SET_Block_Decompose, and PKA_Decrypt verbs with a return code 8 reason code 64 (decimal).
- The CNM utility in CCA versions 2.53 and 2.5.3.0 have been improved to use 2048-bit SA and CSS keys for master key cloning, and to give the user the option to create 2048-bit CSR keys on the target node. Due to this change, users will NOT be able use master key share databases which were created by the previous versions of the CNM utility. If there is a need for using the old cloning databases, users should keep a copy of their existing HIKM.zip file before installing the new version of CCA code or click here to download the old version of CNM which works with the cloning databases created based on 1024-bit SA/CSS keys
- Minor changes were added to refine the return code / reason code returned during error conditions.
RECOMMENDED ACTIONS: Installation of release 2.53 is recommended to enhance the security of your product.
If you have any additional questions, please click here.
See Release 2.41 for enhancements in the earlier release.
|
|
