ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/unix9.htm

115 lines
4.9 KiB
HTML

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>Secure Sockets APIs</title>
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Begin Header Records ========================================= -->
<!-- NETMG2 SCRIPT A converted by B2H R4.1 (346) (CMS) by HOLTJM at -->
<!-- RCHVMW2 on 29 Jan 1999 at 10:01:37 -->
<!-- File restructured for V5R2 -->
<!-- End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<a name="Top_Of_Page"></a>
<!-- Java sync-link -->
<script language="Javascript" src="../rzahg/synch.js" type="text/javascript">
</script>
<h2>Secure sockets APIs</h2>
<p>Secure sockets consists of the following APIs:</p>
<ul>
<li><a href="unix9a.htm">i5/OS Global Secure Toolkit (GSKit) APIs</a><br><br></li>
<li><a href="unix9b.htm">i5/OS SSL_ APIs</a><br><br></li>
<li><img src="delta.gif" alt="Start of change" border="0"><a href="openssl.htm">Open SSL APIs</a><img src="deltaend.gif" ALT="End of change" border="0"></li>
</ul>
<p>The i5/OS<SUP>(R)</SUP> Global Secure Toolkit (GSKit) and i5/OS SSL_ application
programming interfaces (APIs) are a set of functions that,
when used with the i5/OS sockets APIs, are designed to enable and facilitate
secure communications between processes on a network. The GSK Secure Toolkit
(GSKit) APIs are the preferred set of APIs to be used to securely enable an
application using Secure Sockets Layer/Transport Layer Security (SSL/TLS). The
SSL_ APIs also can be used to enable an application to use the SSL/TLS Protocol.</p>
<p>SSL provides communications privacy over an open communications
network (that is, the Internet). The protocol allows client/server applications
to communicate to prevent eavesdropping, tampering, and message forgery.
The SSL protocol connection security has three basic properties:</p>
<ul>
<li>The connection is private. Encryption using secret keys is used to encrypt
and decrypt the data. The secret keys are generated on a per SSL session basis
using an SSL handshake protocol. An SSL handshake is a series of protocol packets
sent in a particular sequence, which use asymmetric cryptography to establish an
SSL session. Symmetric cryptography is used for application data encryption
and decryption.<br><br></li>
<li>The peer's identity can be authenticated using asymmetric, or public key
cryptography.<br><br></li>
<li>The connection is reliable. Message transport includes a message integrity
check using a keyed Message Authentication Code (MAC). Secure hash functions
are used for MAC computations.</li>
</ul>
<p>When creating ILE programs or service programs that use the i5/OS GSKit or
SSL_ APIs, you do not need to explicitly bind to the secure sockets service program
QSYS/QSOSSLSR because it is part of the system binding directory.</p>
<p>The GSKit and SSL_ API documentation describes the GSKit and SSL_ APIs only.
This documentation does not include any information about how to configure or
obtain any of the cryptographic objects, such as a key ring file or
certificate, that are required to fully enable an application for SSL. Some
cryptographic objects, such as certificate store files, are required parameters
for
GSKit and SSL_ APIs. Information on how to configure the cryptographic objects
required for the i5/OS secure socket APIs, or how to configure a secure web server,
which also uses the secure socket APIs, can be found using the following references:</p>
<ul>
<li><a href="http://www.as400.ibm.com/products/http/docs/doc.htm" target="_blank">HTTP
Server: Documentation</a><img src="www.gif" width="18" height="15" alt="Link outside Information Center"><br><br></li>
<li><a href="../rzain/rzainoverview.htm">Secure Sockets Layer (SSL)</a>
under the Security topic. <a href="../rzain/rzainplanssl.htm">Plan for enabling
SSL</a> discusses what you must install and configure before using
secure sockets.<br><br></li>
<li><a href="../rzajc/rzajcoverview.htm">Cryptographic Hardware</a> topic.</li>
</ul>
<p>For background information on GSKit and SSL_ APIs, see:</p>
<ul>
<li><a href="../rzab6/cssl.htm">Secure Sockets</a> in the
Sockets programming topic.
</ul>
<br>
<hr>
<center>
<table cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> |
<a href="unix.htm">UNIX-Type APIs</a> | <a href="aplist.htm">APIs by
category</a></td>
</tr>
</table>
</center>
</body>
</html>