System i: Programming Secure Sockets APIs - IBM
Secure Sockets APIs
Secure sockets consists of the following APIs:
- “i5/OS Global Secure Toolkit (GSKit) APIs” on page 2
- “i5/OS Secure Sockets Layer (SSL_) APIs” on page 64
- Open SSL APIs
The i5/OS Global Secure Toolkit (GSKit) and i5/OS SSL_ application programming interfaces (APIs) are a
set of functions that, when used with the i5/OS sockets APIs, are designed to enable and facilitate secure
communications between processes on a network. The GSK Secure Toolkit (GSKit) APIs are the preferred
set of APIs to be used to securely enable an application using Secure Sockets Layer/Transport Layer
Security (SSL/TLS). The SSL_ APIs also can be used to enable an application to use the SSL/TLS
Protocol.
SSL provides communications privacy over an open communications network (that is, the Internet). The
protocol allows client/server applications to communicate in a way that is designed to prevent
eavesdropping, tampering, and message forgery. The SSL protocol connection security has three basic properties:
- The connection is private. Encryption using secret keys is used to encrypt and decrypt the data. The
  secret keys are generated on a per SSL session basis using an SSL handshake protocol. An SSL
  handshake is a series of protocol packets sent in a particular sequence, which use asymmetric
  cryptography to establish an SSL session. Symmetric cryptography is used for application data
  encryption and decryption.
- The peer’s identity can be authenticated using asymmetric, or public key cryptography.
- The connection is reliable. Message transport includes a message integrity check using a keyed
  Message Authentication Code (MAC). Secure hash functions are used for MAC computations.
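The keyed-MAC integrity check in the third property, shown as an added Python example (not IBM's code and not a use of the GSKit or SSL_ APIs). It assumes the TLS 1.2 record MAC input layout with HMAC-SHA-256 and omits encryption; `Sender`, `Receiver`, `record_mac` and `demo` are hypothetical names, and the key and messages are constructed.

```python
import hashlib
import hmac
import os
import struct

TLS_1_2 = (3, 3)        # version bytes carried in every record header
APPLICATION_DATA = 23   # record content type for application data
TAG_LEN = 32            # HMAC-SHA-256 output size

def record_mac(mac_key, seq_num, fragment, content_type=APPLICATION_DATA):
    """HMAC over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBBBH", seq_num, content_type, *TLS_1_2, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()

class Sender:
    def __init__(self, mac_key):
        self.mac_key, self.seq = mac_key, 0

    def protect(self, fragment):
        tag = record_mac(self.mac_key, self.seq, fragment)
        self.seq += 1   # implicit counter, never sent on the wire
        return fragment + tag

class Receiver:
    def __init__(self, mac_key):
        self.mac_key, self.seq = mac_key, 0

    def accept(self, record):
        """Return the fragment if the MAC verifies, otherwise None."""
        if len(record) < TAG_LEN:
            return None
        fragment, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        if not hmac.compare_digest(tag, record_mac(self.mac_key, self.seq, fragment)):
            return None  # a real TLS endpoint sends a fatal alert and closes here
        self.seq += 1
        return fragment

def demo():
    key = os.urandom(32)  # constructed; TLS derives MAC keys during the handshake
    tx, rx = Sender(key), Receiver(key)
    r0, r1 = tx.protect(b"PAY 10 TO ALICE"), tx.protect(b"PAY 20 TO BOB")
    tampered = b"PAY 99 TO ALICE" + r0[-TAG_LEN:]   # body changed, old tag kept
    return {"tampered": rx.accept(tampered), "reordered": rx.accept(r1),
            "first": rx.accept(r0), "replayed": rx.accept(r0),
            "second": rx.accept(r1)}

if __name__ == "__main__":
    print(demo())
```

Because the sequence number is part of the MAC input, a record that is modified, delivered out of order, or replayed fails verification even though its tag was produced with the correct key.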
When creating ILE programs or service programs that use the i5/OS GSKit or SSL_ APIs, you do not
need to explicitly bind to the secure sockets service program QSYS/QSOSSLSR because it is part of the
system binding directory.
The GSKit and SSL_ API documentation describes the GSKit and SSL_ APIs only. This documentation
does not include any information about how to configure or obtain any of the cryptographic objects, such
as a key ring file or certificate, that are required to fully enable an application for SSL. Some
cryptographic objects, such as certificate store files, are required parameters for GSKit and SSL_ APIs.
Information about how to configure the cryptographic objects required for the i5/OS secure socket APIs,
or how to configure a secure web server, which also uses the secure socket APIs, can be found using the
following references:
- HTTP Server for i5/OS
- Secure Sockets Layer in the information center Security category (SSL prerequisites discusses what you
  must install and configure before using secure sockets.)
- Cryptography
For background information about GSKit and SSL_ APIs, see:
- Secure sockets in the Socket programming topic collection
© Copyright IBM Corp. 1998, 2008