You are currently on IBM Systems Media’s archival website. Click here to view our new website.

AIX > Administrator > Security

A Bankable Solution

AIX Cryptographic Services improves security while simplifying administration

Illustration courtesy of Shutterstock

Cryptoki supports two classes of users: security-officer and normal user. Only the normal user can access private objects after opening a session and authenticating with a token to gain access to the tokens’ objects and functions. The security-officer role is responsible for initializing tokens and setting the normal user’s pin, managing object trust, blessing object deletes and performing administrative tasks such as hardware assistance and performance tuning.

For performing general tasks related to PKCS 11 key management and administration, IBM AIX Cryptographic Services implements two separate utilities for each type of user. Normal users apply the PKCS 11 key-management tool, while security officers use the PKCS 11 administration tool.

PKCS 11 Utilities

Two tools are available for managing cryptographic systems within the AIX OS: the PKCS 11 key-management tool and the PKCS 11 administration tool. These tools can be accessed via the IBM Systems Director Console, the HMC or within AIX via smitty. The PKCS 11 key-management tool is the centralized tool for managing keys, certificates and PKCS 11 data on the AIX OS. The objects this tool manages are stored either within supported PKCS 11 providers–such as the IBM family of cryptographic adapters–or within the AIX OS.

The PKCS 11 key-management tool itself is feature rich. Some features include creating a PKCS 10 certificate-signing request (CSR) or generating self-signed certificates. Additionally, you can use this tool to search, view, delete, import, export and back up PKCS 11 object data as well as transport PKCS 11 object data between PKCS 11 tokens, PKCS 12 key stores, or import/export digital certificates using the PKCS 7 standard.


Chris Lita currently serves as lead cryptography engineer for the AIX Security Team. He is an expert software engineer, who has worked in a diverse set of technology areas within IBM.

Jason Jaramillo is a security software engineer for IBM AIX, specializing in Kerberos, OpenSSL, and Public Key Cryptography Standards 11.

Lucas McLane, CISSP, is an information assurance/software engineer for IBM AIX.

Ravi Shankar is an architect for AIX and PowerHA. He joined IBM 14 years ago and has specialized in wide set of technologies from reliability, availability and serviceability, to AIX security to business resiliency. With more than 19 years of experience in IT, he’s an expert in real-time systems, OS internals and overall system architecture.



2019 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

Hardening the Cloud

Security considerations to protect your organization

Verify System Integrity

AIX 6.1 and Trusted Execution help ensure secure systems

A Bankable Solution

AIX Cryptographic Services improves security while simplifying administration

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
IBMi News Sign Up Today! Past News Letters