Skip to main content

Techdocs Library > White papers >

Hardware cryptographic support for IBM Z and IBM LinuxONE with Ubuntu Server

Document Author:
Additional Author(s):

Manfred Gnirss
Klaus Bergmann, Reinhard Buendgen, Uwe Denneler, Jonathan Furminger, Frank Heimes, Christian Rund, Patrick Steuer, Arwed Tschoeke

Document ID:


Doc. Organization:

IBM Systems

Document Revised:


Product(s) covered:

Crypto Coprocessor; IBM eServer zSeries; IBM HTTP Server; IBM System z; z14; IBM Z; Java; Java Development Kit; JDK; Linux; Linux on zSeries; S/390; S/390 Crypto Coprocessor; z Systems; z9-109; z9 BC; z9 EC; z10; z10 BC; z10 EC; z114; z13; z13s; z196; zBX; zEC12; zEnterprise; zEnterprise 196; zEnterprise EC12; zSeries 800; zSeries 890; zSeries 900; zSeries 990; zSeries; z/VM

Abstract: This article summarizes our experiences with the setup, configuration and usage of OpenSSL, PKCS#11 and its related components for exploiting hardware-assisted cryptographic operations on IBM LinuxONE and IBM Z for clear key operations. The required steps are described, as well as findings in the areas of performance improvement using OpenSSH, Apache HTTP server and IBM Java. Based on our positive experiences we recommend that you should make use of these capabilities whenever performing cryptographic workloads on Ubuntu Server for IBM Z and IBM LinuxONE.



Hardware; Software; Solutions




Cloud; IBM Security Solution




Linux; z/VM


OpenSSH, SCP, SFTP, rsync, z Systems, z13, z13s, CPACF, Crypto Express, CEX5S, hardware cryptographic support, acceleration, AES, TDES, SHA, RSA, performance, throughput, OpenSSL, Linux, Ubuntu, Linux for z Systems, cipher, MAC, LinuxONE, LinuxONE Emperor, LinuxONE Rockhopper, IBM Z, Apache, Java, SDK, JRE, JCE, JCA, IBMJCE, IBMPKCS11Impl, PKCS#11, openCryptoki, z14, cpacfstats, CEX6S

The Techdocs Library
Is this your first visit to Techdocs (the Technical Sales Library)?

Learn more

Techdocs QuickSearch