Support all types of keyrings used within the z/OS ecosystem. #1851
Comments
|
I'm upvoting this request. We have customers using hardware private keys in RACF/Top Secret (ICSF), and just for ZOWE they have to create soft keys and are not happy about it. |
|
Some related ICSF details in zowe/zss#597. |
|
We have another customer that would benefit from the ICSF support. |
|
@MarkAckert Mark, do you think that the Marist system could be setup to support this hardware (ICSF) ? |
|
I believe we have |
|
The best way to validate the configuration is by generating an ICSF key ring. I could not find any good documentation. This is probably the best that I found: |
|
We have a test installation with private keys in ICSF. Which build/version is needed? Mine is a bit outdated, but I can update it quickly and test it. |
|
I'm not sure if we have the code ready for this "feature". I'll leave it up to others to reply @1000TurquoisePogs @achmelo @balhar-jakub |
|
correct, the code is not ready for testing of zlux. |
|
We have another customer looking for JCECCARACF keyring stored in the ICSF. |
|
The latest discussion on the topic during the ZAC call discussed that:
|
balhar-jakub
changed the title
Some customers are requesting support for different keyring types that are used in their mainframe security environments. They are interested primarily in the JCECCARACFKS keyring format.
What Zowe components support keyring? How difficult would be to implement it?
It should be simple to update Java-based applications:
https://www.ibm.com/docs/en/sdk-java-technology/8?topic=components-java-cryptography-extension-common-cryptographic-architecture-jcecca
https://www.ibm.com/docs/en/semeru-runtime-ce-z/11?topic=security-guide
https://public.dhe.ibm.com/software/Java/Java11/IBMJCECCA/JSSEzOSRefGuide.html
The text was updated successfully, but these errors were encountered: