ubuntu@zbox:~$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 23.04 Release: 23.04 Codename: lunar ubuntu@zbox:~$ sudo apt-get -y install libica-utils libica? openssl-ibmca opencryptoki [sudo] password for ubuntu: Reading package lists... Done Building dependency tree... Done Reading state information... Done Note, selecting 'libica4' for glob 'libica?' The following additional packages will be installed: libopencryptoki0 libtspi1 The following NEW packages will be installed: libica-utils libica4 libopencryptoki0 libtspi1 opencryptoki openssl-ibmca 0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded. Need to get 1,363 kB of archives. After this operation, 5,493 kB of additional disk space will be used. Get:1 http://ports.ubuntu.com/ubuntu-ports lunar/universe s390x libica4 s390x 4.2.1-0ubuntu1 [91.8 kB] Get:2 http://ports.ubuntu.com/ubuntu-ports lunar/universe s390x libica-utils s390x 4.2.1-0ubuntu1 [21.5 kB] Get:3 http://ports.ubuntu.com/ubuntu-ports lunar/universe s390x libtspi1 s390x 0.3.15-0.3 [147 kB] Get:4 http://ports.ubuntu.com/ubuntu-ports lunar/universe s390x libopencryptoki0 s390x 3.20.0+dfsg-0ubuntu1 [817 kB] Get:5 http://ports.ubuntu.com/ubuntu-ports lunar/universe s390x opencryptoki s390x 3.20.0+dfsg-0ubuntu1 [170 kB] Get:6 http://ports.ubuntu.com/ubuntu-ports lunar/universe s390x openssl-ibmca s390x 2.4.0-0ubuntu1 [116 kB] Fetched 1,363 kB in 1s (1,744 kB/s) Selecting previously unselected package libica4:s390x. (Reading database ... 81619 files and directories currently installed.) Preparing to unpack .../0-libica4_4.2.1-0ubuntu1_s390x.deb ... Unpacking libica4:s390x (4.2.1-0ubuntu1) ... Selecting previously unselected package libica-utils. Preparing to unpack .../1-libica-utils_4.2.1-0ubuntu1_s390x.deb ... Unpacking libica-utils (4.2.1-0ubuntu1) ... Selecting previously unselected package libtspi1. Preparing to unpack .../2-libtspi1_0.3.15-0.3_s390x.deb ... Unpacking libtspi1 (0.3.15-0.3) ... Selecting previously unselected package libopencryptoki0:s390x. Preparing to unpack .../3-libopencryptoki0_3.20.0+dfsg-0ubuntu1_s390x.deb ... Unpacking libopencryptoki0:s390x (3.20.0+dfsg-0ubuntu1) ... Selecting previously unselected package opencryptoki. Preparing to unpack .../4-opencryptoki_3.20.0+dfsg-0ubuntu1_s390x.deb ... Unpacking opencryptoki (3.20.0+dfsg-0ubuntu1) ... Selecting previously unselected package openssl-ibmca. Preparing to unpack .../5-openssl-ibmca_2.4.0-0ubuntu1_s390x.deb ... Unpacking openssl-ibmca (2.4.0-0ubuntu1) ... Setting up libtspi1 (0.3.15-0.3) ... Setting up libica4:s390x (4.2.1-0ubuntu1) ... Setting up libopencryptoki0:s390x (3.20.0+dfsg-0ubuntu1) ... Setting up openssl-ibmca (2.4.0-0ubuntu1) ... Setting up opencryptoki (3.20.0+dfsg-0ubuntu1) ... Adding group `pkcs11' (GID 116) ... Done. Adding user `root' to group `pkcs11' ... Done. Created symlink /etc/systemd/system/multi-user.target.wants/pkcsslotd.service → /lib/systemd/system/pkcsslotd.service. Setting up libica-utils (4.2.1-0ubuntu1) ... Processing triggers for man-db (2.11.2-1) ... Processing triggers for libc-bin (2.37-0ubuntu2) ... Scanning processes... Scanning processor microcode... Scanning linux images... Running kernel seems to be up-to-date (ABI upgrades are not detected). Failed to check for processor microcode upgrades. No services need to be restarted. No containers need to be restarted. No user sessions are running outdated binaries. No VM guests are running outdated hypervisor (qemu) binaries on this host. ubuntu@zbox:~$ sudo usermod -aG pkcs11 ubuntu ubuntu@zbox:~$ exit logout Connection to zbox closed. user@workstation:~$ ssh ubuntu@zbox Welcome to Ubuntu 23.04 (GNU/Linux 6.2.0-23-generic s390x) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage System information as of Tue Jun 27 09:27:12 AM UTC 2023 System load: 0.32 Memory usage: 3% Processes: 220 Usage of /: 30.7% of 30.83GB Swap usage: 0% Users logged in: 0 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s just raised the bar for easy, resilient and secure K8s cluster deployment. https://ubuntu.com/engage/secure-kubernetes-at-the-edge 0 updates can be applied immediately. Last login: Tue Jun 27 09:25:49 2023 from 10.172.66.67 ubuntu@zbox:~$ systemctl --no-pager status pkcsslotd.service ● pkcsslotd.service - Daemon which manages cryptographic hardware tokens for the openCryptoki package Loaded: loaded (/lib/systemd/system/pkcsslotd.service; enabled; preset: enabled) Active: active (running) since Tue 2023-06-27 09:26:47 UTC; 38s ago Process: 1787 ExecStart=/usr/sbin/pkcsslotd (code=exited, status=0/SUCCESS) Main PID: 1788 (pkcsslotd) Tasks: 1 (limit: 38511) Memory: 9.3M CPU: 9ms CGroup: /system.slice/pkcsslotd.service └─1788 /usr/sbin/pkcsslotd Jun 27 09:26:47 zbox systemd[1]: Starting pkcsslotd.service - Daemon whic…e... Jun 27 09:26:47 zbox pkcsslotd[1787]: PID File created Jun 27 09:26:47 zbox systemd[1]: Started pkcsslotd.service - Daemon which…age. Hint: Some lines were ellipsized, use -l to show in full. ubuntu@zbox:~$ pkcsconf -t pkcsconf: Error initializing the PKCS11 library: 0x5 (CKR_GENERAL_ERROR) ubuntu@zbox:~$ # above is expected, since the new package from proposed is not used yet ubuntu@zbox:~$ sudo add-apt-repository "deb http://ports.ubuntu.com/ubuntu-ports/ $(lsb_release -sc)-proposed main universe" Repository: 'deb http://ports.ubuntu.com/ubuntu-ports/ lunar-proposed main universe' Description: Archive for codename: lunar-proposed components: main,universe More info: http://ports.ubuntu.com/ubuntu-ports/ Adding repository. Press [ENTER] to continue or Ctrl-c to cancel. Adding deb entry to /etc/apt/sources.list.d/archive_uri-http_ports_ubuntu_com_ubuntu-ports_-lunar.list Adding disabled deb-src entry to /etc/apt/sources.list.d/archive_uri-http_ports_ubuntu_com_ubuntu-ports_-lunar.list Hit:1 http://ports.ubuntu.com/ubuntu-ports lunar InRelease Hit:2 http://ports.ubuntu.com/ubuntu-ports lunar-updates InRelease Hit:3 http://ports.ubuntu.com/ubuntu-ports lunar-backports InRelease Hit:4 http://ports.ubuntu.com/ubuntu-ports lunar-security InRelease Get:5 http://ports.ubuntu.com/ubuntu-ports lunar-proposed InRelease [255 kB] Get:6 http://ports.ubuntu.com/ubuntu-ports lunar-proposed/main s390x Packages [39.4 kB] Get:7 http://ports.ubuntu.com/ubuntu-ports lunar-proposed/main Translation-en [19.5 kB] Get:8 http://ports.ubuntu.com/ubuntu-ports lunar-proposed/main s390x c-n-f Metadata [1,404 B] Get:9 http://ports.ubuntu.com/ubuntu-ports lunar-proposed/universe s390x Packages [21.9 kB] Get:10 http://ports.ubuntu.com/ubuntu-ports lunar-proposed/universe Translation-en [12.3 kB] Get:11 http://ports.ubuntu.com/ubuntu-ports lunar-proposed/universe s390x c-n-f Metadata [1,204 B] Fetched 351 kB in 1s (313 kB/s) Reading package lists... Done ubuntu@zbox:~$ [ ubuntu@zbox:~$ sudo apt --yes install devscripts ... ubuntu@zbox:~$ rmadison opencryptoki opencryptoki | 2.3.1+dfsg-3ubuntu5 | trusty | source, amd64, arm64, armhf, i386, powerpc, ppc64el opencryptoki | 3.4.1+dfsg-1ubuntu3 | xenial/universe | source, amd64, arm64, armhf, i386, powerpc, ppc64el, s390x opencryptoki | 3.4.1+dfsg-1ubuntu4.1 | xenial-updates/universe | source, amd64, arm64, armhf, i386, powerpc, ppc64el, s390x opencryptoki | 3.9.0+dfsg-0ubuntu1 | bionic/universe | source, amd64, arm64, armhf, i386, ppc64el, s390x opencryptoki | 3.9.0+dfsg-0ubuntu1.4 | bionic-updates/universe | source, amd64, arm64, armhf, i386, ppc64el, s390x opencryptoki | 3.13.0+dfsg-0ubuntu5 | focal/universe | source, amd64, arm64, armhf, ppc64el, s390x opencryptoki | 3.13.0+dfsg-0ubuntu5.2 | focal-updates/universe | source, amd64, arm64, armhf, ppc64el, s390x opencryptoki | 3.17.0+dfsg+20220202.b40982e-0ubuntu1 | jammy/universe | source, amd64, arm64, armhf, ppc64el, s390x opencryptoki | 3.17.0+dfsg+20220202.b40982e-0ubuntu1.1 | jammy-updates/universe | source, amd64, arm64, armhf, ppc64el, s390x opencryptoki | 3.18.0+dfsg-0ubuntu2 | kinetic/universe | source, amd64, arm64, armhf, ppc64el, s390x opencryptoki | 3.20.0+dfsg-0ubuntu1 | lunar/universe | source, amd64, arm64, armhf, ppc64el, s390x opencryptoki | 3.20.0+dfsg-0ubuntu1.1 | lunar-proposed/universe | source, amd64, arm64, armhf, ppc64el, s390x opencryptoki | 3.20.0+dfsg-0ubuntu2 | mantic/universe | source, amd64, arm64, armhf, ppc64el, s390x ubuntu@zbox:~$ apt-cache policy opencryptoki opencryptoki: Installed: 3.20.0+dfsg-0ubuntu1 Candidate: 3.20.0+dfsg-0ubuntu1 Version table: 3.20.0+dfsg-0ubuntu1.1 100 100 http://ports.ubuntu.com/ubuntu-ports lunar-proposed/universe s390x Packages *** 3.20.0+dfsg-0ubuntu1 500 500 http://ports.ubuntu.com/ubuntu-ports lunar/universe s390x Packages 100 /var/lib/dpkg/status ] ubuntu@zbox:~$ sudo apt install opencryptoki=3.20.0+dfsg-0ubuntu1.1 libopencryptoki0=3.20.0+dfsg-0ubuntu1.1 Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages will be upgraded: libopencryptoki0 opencryptoki 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 988 kB of archives. After this operation, 0 B of additional disk space will be used. Get:1 http://ports.ubuntu.com/ubuntu-ports lunar-proposed/universe s390x opencryptoki s390x 3.20.0+dfsg-0ubuntu1.1 [170 kB] Get:2 http://ports.ubuntu.com/ubuntu-ports lunar-proposed/universe s390x libopencryptoki0 s390x 3.20.0+dfsg-0ubuntu1.1 [818 kB] Fetched 988 kB in 1s (1,340 kB/s) (Reading database ... 94321 files and directories currently installed.) Preparing to unpack .../opencryptoki_3.20.0+dfsg-0ubuntu1.1_s390x.deb ... Unpacking opencryptoki (3.20.0+dfsg-0ubuntu1.1) over (3.20.0+dfsg-0ubuntu1) ... Preparing to unpack .../libopencryptoki0_3.20.0+dfsg-0ubuntu1.1_s390x.deb ... Unpacking libopencryptoki0:s390x (3.20.0+dfsg-0ubuntu1.1) over (3.20.0+dfsg-0ubuntu1) ... Setting up libopencryptoki0:s390x (3.20.0+dfsg-0ubuntu1.1) ... Setting up opencryptoki (3.20.0+dfsg-0ubuntu1.1) ... addgroup: The group `pkcs11' already exists as a system group. Exiting. adduser: The user `root' is already a member of `pkcs11'. Processing triggers for man-db (2.11.2-1) ... Processing triggers for libc-bin (2.37-0ubuntu2) ... Scanning processes... Scanning processor microcode... Scanning linux images... Running kernel seems to be up-to-date (ABI upgrades are not detected). Failed to check for processor microcode upgrades. No services need to be restarted. No containers need to be restarted. No user sessions are running outdated binaries. No VM guests are running outdated hypervisor (qemu) binaries on this host. ubuntu@zbox:~$ ubuntu@zbox:~$ apt-cache policy opencryptoki opencryptoki: Installed: 3.20.0+dfsg-0ubuntu1.1 Candidate: 3.20.0+dfsg-0ubuntu1.1 Version table: *** 3.20.0+dfsg-0ubuntu1.1 100 100 http://ports.ubuntu.com/ubuntu-ports lunar-proposed/universe s390x Packages 100 /var/lib/dpkg/status 3.20.0+dfsg-0ubuntu1 500 500 http://ports.ubuntu.com/ubuntu-ports lunar/universe s390x Packages ubuntu@zbox:~$ # Now the following tokens are shows as available by default (ICA and Software token) ubuntu@zbox:~$ pkcsconf -t Token #1 Info: Label: icatok Manufacturer: IBM Model: ICA Serial Number: Flags: 0x880045 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED) Sessions: 0/[effectively infinite] R/W Sessions: 0/[effectively infinite] PIN Length: 4-8 Public Memory: [information unavailable]/[information unavailable] Private Memory: [information unavailable]/[information unavailable] Hardware Version: 0.0 Firmware Version: 0.0 Time: 2023062709371000 URI: pkcs11:manufacturer=IBM;model=ICA;token=icatok Token #3 Info: Label: softtok Manufacturer: IBM Model: Soft Serial Number: Flags: 0x880045 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED) Sessions: 0/[effectively infinite] R/W Sessions: 0/[effectively infinite] PIN Length: 4-8 Public Memory: [information unavailable]/[information unavailable] Private Memory: [information unavailable]/[information unavailable] Hardware Version: 0.0 Firmware Version: 0.0 Time: 2023062709371000 URI: pkcs11:manufacturer=IBM;model=Soft;token=softtok ubuntu@zbox:~$ # initialize and re-label them: ubuntu@zbox:~$ pkcsconf -I -c 1 Enter the SO PIN: Enter a unique token label: myicatok ubuntu@zbox:~$ pkcsconf -I -c 3 Enter the SO PIN: Enter a unique token label: mysofttok ubuntu@zbox:~$ pkcsconf -t Token #1 Info: Label: myicatok Manufacturer: IBM Model: ICA Serial Number: Flags: 0x880445 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED) Sessions: 0/[effectively infinite] R/W Sessions: 0/[effectively infinite] PIN Length: 4-8 Public Memory: [information unavailable]/[information unavailable] Private Memory: [information unavailable]/[information unavailable] Hardware Version: 0.0 Firmware Version: 0.0 Time: 2023062709390700 URI: pkcs11:manufacturer=IBM;model=ICA;token=myicatok Token #3 Info: Label: mysofttok Manufacturer: IBM Model: Soft Serial Number: Flags: 0x880445 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED) Sessions: 0/[effectively infinite] R/W Sessions: 0/[effectively infinite] PIN Length: 4-8 Public Memory: [information unavailable]/[information unavailable] Private Memory: [information unavailable]/[information unavailable] Hardware Version: 0.0 Firmware Version: 0.0 Time: 2023062709390700 URI: pkcs11:manufacturer=IBM;model=Soft;token=mysofttok ubuntu@zbox:~$ [ user@workstation:~$ cd '/home/user/work/Canonical/bugs, tickets/2022088, 2018908, 2018911 - opencryptoki' user@workstation:~/work/Canonical/bugs, tickets/2022088, 2018908, 2018911 - opencryptoki$ scp ibm-java*.bin Encrypt0.java ubuntu@zbox:/home/ubuntu ... ] ubuntu@zbox:~$ ls -la ibm*.bin Encrypt*.* -rw-rw-r-- 1 ubuntu ubuntu 1797 Jun 27 12:24 Encrypt0.java -rw-rw-r-- 1 ubuntu ubuntu 135674069 Jun 27 11:00 ibm-java-jre-8.0-8.5-s390x-archive.bin -rw-rw-r-- 1 ubuntu ubuntu 166007785 Jun 27 12:24 ibm-java-sdk-8.0-8.5-s390x-archive.bin ubuntu@zbox:~$ chmod a+x ibm*.bin ubuntu@zbox:~$ ls -la ibm*.bin Encrypt*.* -rw-rw-r-- 1 ubuntu ubuntu 1797 Jun 27 12:24 Encrypt0.java -rwxrwxr-x 1 ubuntu ubuntu 135674069 Jun 27 11:00 ibm-java-jre-8.0-8.5-s390x-archive.bin -rwxrwxr-x 1 ubuntu ubuntu 166007785 Jun 27 12:24 ibm-java-sdk-8.0-8.5-s390x-archive.bin ubuntu@zbox:~$ ./ibm-java-jre-8.0-8.5-s390x-archive.bin Preparing to install... Extracting the JRE from the installer archive... Unpacking the JRE... Extracting the installation resources from the installer archive... Configuring the installer for this system's environment... Launching installer... Graphical installers are not supported by the VM. The console mode will be used instead... =============================================================================== Choose Locale... ---------------- 1- Bahasa Indonesia 2- Català 3- Deutsch ->4- English 5- Español 6- Français 7- Italiano 8- Português CHOOSE LOCALE BY NUMBER: =============================================================================== IBM® 64-bit Runtime Environment for Linux®, v8.0 (created with InstallAnywhere) ------------------------------------------------------------------------------- Preparing CONSOLE Mode Installation... =============================================================================== International License Agreement for Non-Warranted Programs Part 1 - General Terms BY DOWNLOADING, INSTALLING, COPYING, ACCESSING, CLICKING ON AN "ACCEPT" BUTTON, OR OTHERWISE USING THE PROGRAM, LICENSEE AGREES TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF LICENSEE, YOU REPRESENT AND WARRANT THAT YOU HAVE FULL AUTHORITY TO BIND LICENSEE TO THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS, * DO NOT DOWNLOAD, INSTALL, COPY, ACCESS, CLICK ON AN "ACCEPT" BUTTON, OR USE THE PROGRAM; AND * PROMPTLY RETURN THE UNUSED MEDIA AND DOCUMENTATION TO THE PARTY FROM WHOM IT WAS OBTAINED FOR A REFUND OF THE AMOUNT PAID. IF THE PROGRAM WAS DOWNLOADED, DESTROY ALL COPIES OF THE PROGRAM. 1. Definitions Press Enter to continue viewing the license agreement, or enter "1" to accept the agreement, "2" to decline it, "3" to print it, or "99" to go back to the previous screen.: 1 =============================================================================== Introduction ------------ InstallAnywhere will guide you through the installation of IBM® 64-bit Runtime Environment for Linux®, v8.0. It is strongly recommended that you quit all programs before continuing with this installation. Respond to each prompt to proceed to the next step in the installation. If you want to change something on a previous step, type 'back'. You may cancel this installation at any time by typing 'quit'. PRESS TO CONTINUE: =============================================================================== Choose Install Folder --------------------- Where would you like to install? Default Install Folder: /home/ubuntu/ibm-java-s390x-80 ENTER AN ABSOLUTE PATH, OR PRESS TO ACCEPT THE DEFAULT : =============================================================================== Pre-Installation Summary ------------------------ Please Review the Following Before Continuing: Product Name: IBM® 64-bit Runtime Environment for Linux®, v8.0 Install Folder: /home/ubuntu/ibm-java-s390x-80 Disk Space Information (for Installation Target): Required: 220,606,129 Bytes Available: 20,271,656,960 Bytes PRESS TO CONTINUE: =============================================================================== Installing... ------------- [==================|==================|==================|==================] [------------------|------------------|------------------|------------------] =============================================================================== Installation Complete --------------------- Congratulations. IBM® 64-bit Runtime Environment for Linux®, v8.0 has been successfully installed to: /home/ubuntu/ibm-java-s390x-80 PRESS TO EXIT THE INSTALLER: ubuntu@zbox:~$ ./ibm-java-sdk-8.0-8.5-s390x-archive.bin Preparing to install... Extracting the JRE from the installer archive... Unpacking the JRE... Extracting the installation resources from the installer archive... Configuring the installer for this system's environment... Launching installer... Graphical installers are not supported by the VM. The console mode will be used instead... =============================================================================== Choose Locale... ---------------- 1- Bahasa Indonesia 2- Català 3- Deutsch ->4- English 5- Español 6- Français 7- Italiano 8- Português CHOOSE LOCALE BY NUMBER: =============================================================================== IBM® 64-bit SDK for Linux®, v8.0 (created with InstallAnywhere) ------------------------------------------------------------------------------- Preparing CONSOLE Mode Installation... =============================================================================== International License Agreement for Non-Warranted Programs Part 1 - General Terms BY DOWNLOADING, INSTALLING, COPYING, ACCESSING, CLICKING ON AN "ACCEPT" BUTTON, OR OTHERWISE USING THE PROGRAM, LICENSEE AGREES TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF LICENSEE, YOU REPRESENT AND WARRANT THAT YOU HAVE FULL AUTHORITY TO BIND LICENSEE TO THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS, * DO NOT DOWNLOAD, INSTALL, COPY, ACCESS, CLICK ON AN "ACCEPT" BUTTON, OR USE THE PROGRAM; AND * PROMPTLY RETURN THE UNUSED MEDIA AND DOCUMENTATION TO THE PARTY FROM WHOM IT WAS OBTAINED FOR A REFUND OF THE AMOUNT PAID. IF THE PROGRAM WAS DOWNLOADED, DESTROY ALL COPIES OF THE PROGRAM. 1. Definitions Press Enter to continue viewing the license agreement, or enter "1" to accept the agreement, "2" to decline it, "3" to print it, or "99" to go back to the previous screen.: 1 =============================================================================== Introduction ------------ InstallAnywhere will guide you through the installation of IBM® 64-bit SDK for Linux®, v8.0. It is strongly recommended that you quit all programs before continuing with this installation. Respond to each prompt to proceed to the next step in the installation. If you want to change something on a previous step, type 'back'. You may cancel this installation at any time by typing 'quit'. PRESS TO CONTINUE: =============================================================================== Choose Install Folder --------------------- Where would you like to install? Default Install Folder: /home/ubuntu/ibm-java-s390x-80 ENTER AN ABSOLUTE PATH, OR PRESS TO ACCEPT THE DEFAULT : =============================================================================== Pre-Installation Summary ------------------------ Please Review the Following Before Continuing: Product Name: IBM® 64-bit SDK for Linux®, v8.0 Install Folder: /home/ubuntu/ibm-java-s390x-80 Disk Space Information (for Installation Target): Required: 259,484,552 Bytes Available: 20,032,110,592 Bytes PRESS TO CONTINUE: =============================================================================== Installing... ------------- [==================|==================|==================|==================] [------------------|------------------|------------------|------------------] =============================================================================== Installation Complete --------------------- Congratulations. IBM® 64-bit SDK for Linux®, v8.0 has been successfully installed to: /home/ubuntu/ibm-java-s390x-80 PRESS TO EXIT THE INSTALLER: ubuntu@zbox:~$ ls Encrypt0.java ibm-java-jre-8.0-8.5-s390x-archive.bin ibm-java-s390x-80 ibm-java-sdk-8.0-8.5-s390x-archive.bin wget-log ubuntu@zbox:~$ export PATH=$PATH:/home/ubuntu/ibm-java-s390x-80/jre/bin ubuntu@zbox:~$ export JAVA_HOME=/home/ubuntu/ibm-java-s390x-80/jre ubuntu@zbox:~$ java -version java version "1.8.0_371" Java(TM) SE Runtime Environment (build 8.0.8.5 - pxz6480sr8fp5-20230418_01(SR8 FP5)) IBM J9 VM (build 2.9, JRE 1.8.0 Linux s390x-64-Bit Compressed References 20230417_49632 (JIT enabled, AOT enabled) OpenJ9 - 085a542 OMR - 9f28c98 IBM - 68444b7) JCL - 20230329_01 based on Oracle jdk8u371-b11 ubuntu@zbox:~$ # create the Java test application # This sample application does AES encryption in ECB mode with a randomly generated key (DRBG-SHA-512). Since no provider is explicitly specified to be used in this test program in the first instance, the AES encryption operation will be performed by the provider according the assigned priority in java.security. ubuntu@zbox:~$ ls -l Encrypt0.java -rw-rw-r-- 1 ubuntu ubuntu 1797 Jun 27 12:24 Encrypt0.java ubuntu@zbox:~$ cat Encrypt0.java import java.security.*; import java.security.spec.*; import java.security.interfaces.*; import javax.crypto.*; import javax.crypto.spec.*; import javax.crypto.interfaces.*; class Encrypt0 { public static void main (String[] args) { SecretKey aesKey = null; try { // create random AES key KeyGenerator keygen = KeyGenerator.getInstance("AES"); aesKey = keygen.generateKey(); } catch (Exception e){ throw ( new RuntimeException(e)); } Cipher aesCipher; try { // Create the cipher aesCipher = Cipher.getInstance("AES/ECB/NoPadding"); // Initialize the cipherforencryption aesCipher.init(Cipher.ENCRYPT_MODE, aesKey); // Our cleartext byte[] cleartext = "0123456789abcdef".getBytes(); // Print cleartext System.out.println("ourcleartext - to be encrypted:"); for (int i=0; i= # security.provider.1=sun.security.provider.Sun security.provider.1=com.ibm.jsse2.IBMJSSEProvider2 security.provider.2=com.ibm.crypto.plus.provider.IBMJCEPlus security.provider.3=com.ibm.crypto.provider.IBMJCE security.provider.4=com.ibm.security.jgss.IBMJGSSProvider security.provider.5=com.ibm.security.cert.IBMCertPath security.provider.6=com.ibm.security.sasl.IBMSASL security.provider.7=com.ibm.xml.crypto.IBMXMLCryptoProvider security.provider.8=com.ibm.xml.enc.IBMXMLEncProvider security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO security.provider.10=sun.security.provider.Sun ubuntu@zbox:~$ # Use icainfo to display which CPACF functions are supported by the implementation of libica and which are hardware-accelerated or software-only implementations (limiting to what's relevant for the Java code, which is DRBG-SHA-512 and AES ECB). ubuntu@zbox:~$ icainfo | head -n 6 && icainfo | grep 'DRBG-SHA-512\|AES ECB' Cryptographic algorithm support ------------------------------------------------------ | hardware | function | dynamic | static | software | | (msa=05) | ---------------+------------+------------+------------ DRBG-SHA-512 | no | yes | - AES ECB | no | yes | - ubuntu@zbox:~$ icastats | head -n 4 && icastats | grep 'DRBG-SHA-512\|AES ECB' function | hardware | software ----------------+------------------------------+----------------------------- | ENC CRYPT DEC | ENC CRYPT DEC ----------------+------------------------------+----------------------------- DRBG-SHA-512 | 1344 | 0 AES ECB | 0 0 | 0 0 ubuntu@zbox:~$ icainfo -r RSA key lengths: 512 ... 4096 bits. No built-in FIPS support. ubuntu@zbox:~$ icastats -r ubuntu@zbox:~$ icastats | head -n 4 && icastats | grep 'DRBG-SHA-512\|AES ECB' function | hardware | software ----------------+------------------------------+----------------------------- | ENC CRYPT DEC | ENC CRYPT DEC ----------------+------------------------------+----------------------------- DRBG-SHA-512 | 0 | 0 AES ECB | 0 0 | 0 0 ubuntu@zbox:~$ java Encrypt0 ourcleartext - to be encrypted: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f, text encrypted: 0xb5, 0xc6, 0xb2, 0x8e, 0x41, 0x04, 0x96, 0x1b, 0xd6, 0x56, 0x22, 0x9b, 0x64, 0x8f, 0x76, 0x29, textdecrypted: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f, Done ! ubuntu@zbox:~$ icastats | head -n 4 && icastats | grep 'DRBG-SHA-512\|AES ECB' function | hardware | software ----------------+------------------------------+----------------------------- | ENC CRYPT DEC | ENC CRYPT DEC ----------------+------------------------------+----------------------------- DRBG-SHA-512 | 0 | 0 AES ECB | 0 0 | 0 0 ubuntu@zbox:~$ ubuntu@zbox:~$ grep -A 12 "List of providers and their preference orders" /home/ubuntu/ibm-java-s390x-80/jre/lib/security/java.security # List of providers and their preference orders (see above): # security.provider.1=com.ibm.jsse2.IBMJSSEProvider2 security.provider.2=com.ibm.crypto.plus.provider.IBMJCEPlus security.provider.3=com.ibm.crypto.provider.IBMJCE security.provider.4=com.ibm.security.jgss.IBMJGSSProvider security.provider.5=com.ibm.security.cert.IBMCertPath security.provider.6=com.ibm.security.sasl.IBMSASL security.provider.7=com.ibm.xml.crypto.IBMXMLCryptoProvider security.provider.8=com.ibm.xml.enc.IBMXMLEncProvider security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO security.provider.10=sun.security.provider.Sun ubuntu@zbox:~$ vi /home/ubuntu/ibm-java-s390x-80/jre/lib/security/java.security ubuntu@zbox:~$ grep -A 12 "List of providers and their preference orders" /home/ubuntu/ibm-java-s390x-80/jre/lib/security/java.security # List of providers and their preference orders (see above): # security.provider.1=com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl /home/ubuntu/p11.cfg security.provider.2=com.ibm.jsse2.IBMJSSEProvider2 security.provider.3=com.ibm.crypto.plus.provider.IBMJCEPlus security.provider.4=com.ibm.crypto.provider.IBMJCE security.provider.5=com.ibm.security.jgss.IBMJGSSProvider security.provider.6=com.ibm.security.cert.IBMCertPath security.provider.7=com.ibm.security.sasl.IBMSASL security.provider.8=com.ibm.xml.crypto.IBMXMLCryptoProvider security.provider.9=com.ibm.xml.enc.IBMXMLEncProvider security.provider.10=com.ibm.security.jgss.mech.spnego.IBMSPNEGO security.provider.11=sun.security.provider.Sun ubuntu@zbox:~$ ubuntu@zbox:~$ pkcsconf -t -c 3 Token #3 Info: Label: mysofttok Manufacturer: IBM Model: Soft Serial Number: Flags: 0x880445 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED) Sessions: 0/[effectively infinite] R/W Sessions: 0/[effectively infinite] PIN Length: 4-8 Public Memory: [information unavailable]/[information unavailable] Private Memory: [information unavailable]/[information unavailable] Hardware Version: 0.0 Firmware Version: 0.0 Time: 2023062712475500 URI: pkcs11:manufacturer=IBM;model=Soft;token=mysofttok ubuntu@zbox:~$ vi p11.cfg ubuntu@zbox:~$ cat p11.cfg name = Sample description = Sample IBMPKCS11Impl config file for LoZ library = /usr/lib/s390x-linux-gnu/pkcs11/PKCS11_API.so tokenlabel = mysofttok ubuntu@zbox:~$ ubuntu@zbox:~$ icastats -r ubuntu@zbox:~$ java Encrypt0 ourcleartext - to be encrypted: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f, text encrypted: 0xc7, 0x40, 0x9c, 0xde, 0xf5, 0xbf, 0x9f, 0x8b, 0xc0, 0x9c, 0x34, 0xc2, 0x18, 0x9b, 0x47, 0x8c, textdecrypted: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f, Done ! ubuntu@zbox:~$ icastats | head -n 4 && icastats | grep 'DRBG-SHA-512\|AES ECB' function | hardware | software ----------------+------------------------------+----------------------------- | ENC CRYPT DEC | ENC CRYPT DEC ----------------+------------------------------+----------------------------- DRBG-SHA-512 | 168 | 0 AES ECB | 0 0 | 0 0 ubuntu@zbox:~$ ubuntu@zbox:~$ pkcsconf -t -c 1 Token #1 Info: Label: myicatok Manufacturer: IBM Model: ICA Serial Number: Flags: 0x880445 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED) Sessions: 0/[effectively infinite] R/W Sessions: 0/[effectively infinite] PIN Length: 4-8 Public Memory: [information unavailable]/[information unavailable] Private Memory: [information unavailable]/[information unavailable] Hardware Version: 0.0 Firmware Version: 0.0 Time: 2023062712493800 URI: pkcs11:manufacturer=IBM;model=ICA;token=myicatok ubuntu@zbox:~$ vi p11.cfg ubuntu@zbox:~$ cat p11.cfg name = Sample description = Sample IBMPKCS11Impl config file for LoZ library = /usr/lib/s390x-linux-gnu/pkcs11/PKCS11_API.so tokenlabel = myicatok ubuntu@zbox:~$ ubuntu@zbox:~$ icastats -r ubuntu@zbox:~$ java Encrypt0 ourcleartext - to be encrypted: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f, text encrypted: 0xc9, 0x68, 0x44, 0x03, 0x7d, 0x6e, 0x89, 0x2f, 0x90, 0x5a, 0xd1, 0xb5, 0x5f, 0xbe, 0x47, 0x4b, textdecrypted: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f, Done ! ubuntu@zbox:~$ icastats | head -n 4 && icastats | grep 'DRBG-SHA-512\|AES ECB' function | hardware | software ----------------+------------------------------+----------------------------- | ENC CRYPT DEC | ENC CRYPT DEC ----------------+------------------------------+----------------------------- DRBG-SHA-512 | 173 | 0 AES ECB | 1 1 | 0 0 ubuntu@zbox:~$ ubuntu@zbox:~$ pkcsconf -I -c 1 Enter the SO PIN: Enter a unique token label: mysofttok ubuntu@zbox:~$ pkcsconf -u -c 1 Enter the SO PIN: Enter the new user PIN: Re-enter the new user PIN: ubuntu@zbox:~$ p11sak list-key all --slot 1 Please enter user PIN: | P M R L S E D G V W U X A N * | KEY TYPE | LABEL |---------------------------------------------+-------------+------------- ubuntu@zbox:~$ p11sak gen-key aes 256 --slot 1 --pin 88888888 --label myicatok --attr X Generate symmetric key AES with keylen=256 and label="myicatok" Symmetric key generation successful! ubuntu@zbox:~$ p11sak list-key all --slot 1 Please enter user PIN: | P M R L S E D G V W U X A N * | KEY TYPE | LABEL |---------------------------------------------+-------------+------------- | 0 1 0 1 0 1 1 1 1 1 1 1 0 0 0 | AES 256 | "myicatok" ubuntu@zbox:~$