Skip to Main Content
IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

ADD A NEW IDEA

Crypto HW

Showing 44

Asymmetric key encrypted data to Symmetric key encrypted data encryption(and reverse) - new API function

We have a use case today to decrypt an RSA public key encrypted payload and re-encrypt it with a symmetric key without exposing the payload in the clear out side of ICSF
9 days ago in IBM Z and LinuxONE Systems Hardware / Crypto HW 0 Submitted

Request to auto synch the time across all crypto adapters with the system time.

Each IBM 4768 (and other 476x series) cryptographic coprocessors maintains its own internal clock to provide timestamped logging for PCI-HSM compliance. The clock value is set for each card individually by an operator using the TKE "Set Clock" fun...
over 1 year ago in IBM Z and LinuxONE Systems Hardware / Crypto HW 1 Future consideration

Sync CryptoExpress clock to sysplex timer

Currently the only way to set the clock on CryptoExpress hardware is to use the TKE workstation to manually set the time. This can result in: Discrepancy between different cryptographic hardware, especially when using multiple mainframe footprints...
over 2 years ago in IBM Z and LinuxONE Systems Hardware / Crypto HW 0 Future consideration

Increase the CRL field length in TR34 ICSF services

The CRL field length in TR34 ICSF services CSNDT34B and CSNDT34D are defined with only 3500 bytes. If the CA sends a CRL more than 3500 bytes then the services will fail resulting in ATMs going out of service.
about 3 years ago in IBM Z and LinuxONE Systems Hardware / Crypto HW 3 Future consideration

Ability to route SSL workloads to CEXC instead of CPACF.

Ability to route all SSL crypto functions to the CEXC. Customer need a switch to move workloads off the CPACF and to the CEXC to reduce MSUs.
about 10 years ago in IBM Z and LinuxONE Systems Hardware / Crypto HW 4 Not under consideration

Please provide C++17 support for the Cryptographic Coprocessor Custom Software Developer's Toolkit (CEX7S/4769)

C++ provides valuable features to the UDX developper in order to extend the standard IBM CCA functionality:- Guaranteed intialization of variables and objects during creation (constructor)- Guaranteed clean-up of variables while destroying the obj...
almost 2 years ago in IBM Z and LinuxONE Systems Hardware / Crypto HW 2 Planned for future release

Add the ability to generate an AES DUKPT DATA encryption key similar to the K1DATA derived key for DES DUKPT

This would allow the user to be able to perform encryption operations on DATA that has been encrypted using AES-DUKPT derived keys.
12 months ago in IBM Z and LinuxONE Systems Hardware / Crypto HW 2 Functionality already exists

Add Certificate trust verification in CSNDDSV service

Currently the option to verify the trust of a certificate is possible only by adding the CA and Intermediate CA certificates using TKE into ICSF adaptor. This is new and overhead for the limited ICSF admin team. Add option to verify the signature ...
over 3 years ago in IBM Z and LinuxONE Systems Hardware / Crypto HW 7 Future consideration

Request TR31- SECMSG Support

It is required to extend the ability to export SECMSG type keys in TR-31 format using the CSNBT31X command
over 3 years ago in IBM Z and LinuxONE Systems Hardware / Crypto HW 3 Not under consideration

ChaCha20-Poly1305 for IBM Z and LinuxONE

Requesting system hardware support particularly in IBM Crypto Express features (but also in CP Assist for Cryptographic Processing, and in operating system and middleware exploiters such as z/OS System SSL) for the ChaCha stream cipher (at least t...
over 4 years ago in IBM Z and LinuxONE Systems Hardware / Crypto HW 4 Future consideration