Java Public Key Cryptographic Standards #11 Implementation Provider Overview

(December, 2007)

Table of Contents


Beginning with SDK 6.0, Public Key Cryptographic Standards #11 (PKCS#11) is implemented on Java for z/OS using the IBMPKCS11Impl provider. This provider uses the Java Cryptography Extension (JCE) and Java Cryptography Architecture (JCA) frameworks to add the capability to use hardware cryptographic devices via PKCS#11 interfaces. Reference documentation for the IBMPKCS11Impl security provider can be found in the IBM Knowledge Center, IBM SDK, Java Technology Edition. Select the Java Edition (version 6.0.0 or later) -> Security Reference for IBM SDK, ... -> IBMPKCS11Impl Provider.

The IBMPKCS11Impl provider uses Integrated Cryptographic Services Facility (ICSF) that includes the PKCS#11 C language application programming interfaces (C APIs) on z/OS for its implementation of the PKCS#11 standard. Information regarding the ICSF PKCS#11 support is primarily available in:

  • z/OS Cryptographic Services ICSF Writing PKCS#11 Applications
  • z/OS Cryptographic Services ICSF Administrator's Guide
  • z/OS Cryptographic Services ICSF Programmer's Guide

Refer to the applicable z/OS release documentation, in the z/OS library.


For use of the PKCS#11 Implemenation Provider Support, your z/OS operating system must be z/OS V1R9 or above.

See z/OS IBMPKCS11Impl Guide for restrictions and other considerations.

Contact IBM

Browse z/OS