Skip to Main Content
IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Delivered
Categories Crypto HW
Created by Guest
Created on Jan 2, 2019

Support additional TR-31 key blocks

Our system uses ICSF, and we are working with third parties to import and export TR-31 key blocks. At least one third party so far has provided TR-31 key block examples that cannot be imported using ICSF. We would like IBM to consider relaxing some of the restrictions around TR-31 key block import (CSNBT31I) to support additional use cases.
These are detailed in the Use Case box.

This request is being opened as a suggested resolution to service request 76374082000. We would be open to collaboration between IBM and our third parties on this matter.

Idea priority Medium
  • Guest
    Reply
    |
    May 16, 2022
    Per SME My understanding is that this is delivered. Please contact to confirm
  • Guest
    Reply
    |
    Mar 28, 2022

    My understanding is that this is delivered. Please contact to confirm.

  • Guest
    Reply
    |
    Aug 24, 2020

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - Servers and Systems Software
    Product family - z Systems Hardware
    Product - z Systems Hardware
    Component - Crypto HW

    For recording keeping, the previous attributes were:
    Brand - Servers and Systems Software
    Product family - z Systems Hardware
    Product - z Systems Hardware
    Component - Security / Crypto

  • Guest
    Reply
    |
    Jun 3, 2019

    .Delivery soon. Contact us for details.

  • Guest
    Reply
    |
    Jan 11, 2019

    Thank you for your response. Option (1c) appears to meet our needs for the first use case. We are interested in a call to further discuss the issue. I am posting a separate, private comment with the additional details requested and contact information for the meeting.

  • Guest
    Reply
    |
    Jan 4, 2019

    Thank you for submitting the RFE. We have a few comments and questions. The reason CCA enforces certain strict controls on key typing and usage is due to standards requirements which indicate that the HSM must ensure that each cryptographic key is only used for a single cryptographic function or that the HSM does not permit any of the key-usage information to be changed in any way that allows the key to be used in ways that were not possible before the change. Therefore, CCA does not support things like creating a single key which can do both PIN encryption and PIN decryption. We could not support an open-ended import function which allows the assignment of any key type or control vector, but we could potentially support options that give you more control over acceptable import options. Please consider the following for your first use case and let us know your thoughts on these possible changes to CSNBT31I possibly controlled by rule array keywords. Would any of the options below meet your needs?
    CSNBT31I:
    Request CCA Key returned
    (1a) P0-(A,B,C)-B --> OPINENC, no new keywords
    (1b) P0-(A,B,C)-B --> IPINENC, no new keywords
    (1c) P0-(A,B,C)-B --> OPINENC or IPINENC based on 2 new keywords
    (1d) P0-(A,B,C)-B --> OPINENC +[CPINENC,EPINGEN,REFORMAT,TRANSLAT] or
    IPINENC +[EPINVER,CPINGENA,REFORMAT,TRANSLAT],
    ==>based on 8 new keywords
    When do you need this change? On which cards/releases/machines do you need the support?
    When do you need support for your 2nd use case ?
    Please do send any comments to the questions above as soon as possible.
    We understand that you are in the early discussion stages with your partners, but we would like to have a call with you to further discuss your requirements. Would it be okay if we scheduled a call to discuss?