Entrust Authority: Security Toolkit for the Java Platform

z/OS® Edition Frequently Asked Questions

  1. What is the Security Toolkit for the Java Platform z/OS® Edition?
  2. Why did Entrust choose to port the Toolkit for Java to z/OS?
  3. When will the Security Toolkit for the Java Platform z/OS Edition be available and how do I receive a copy?
  4. What are the requirements to install the Java Toolkit onto z/OS?
  5. Can I create and store an Entrust profile (.epf) on z/OS?
  6. Can I use the Security Toolkit for the Java Platform z/OS Edition to establish an SSL/TLS session?
  7. What type of security solution is there for business-to-business transactions?
  8. Does the Security Toolkit for the Java Platform allow me to utilize credentials other than Entrust .epf profiles?
  9. Are there any differences with the Security Toolkit for the Java Platform z/OS Edition and your standard Security Toolkit for the Java Platform version?
  1. What is the Toolkit for Java z/OS Edition? (top)

    This product is a port of our existing Security Toolkit for the Java Platform to the IBM® z/OS® mainframe environment. It allows customers to integrate Entrust PKI functionality, such as digital signatures and encryption, into a mainframe application. This gives customers the ability to create trusted transactions that incorporate data and information from mainframe, UNIX and Windows servers. All of it is built on a common infrastructure and uses Entrust managed certificates.

  2. Why did Entrust choose to port the Security Toolkit for the Java Platform to z/OS? (top)

    A number of our large customers requested the ability to integrate Entrust Authority™ functionality into mainframe applications. Therefore, we conducted market and technical assessments that confirmed this need. We then utilized the PKI integration capabilities of the Security Toolkit for the Java Platform , in collaboration with IBM’s Java infrastructure on z/OS, to deliver upon this customer requirement.

  3. When will the Security Toolkit for the Java Platform z/OS Edition be available and how do I receive a copy? (top)

    The Security Toolkit for the Java Platform z/OS Edition is currently available on CD. To receive your copy, contact your local Entrust Account Representative or send us an email and one of our trained representatives will be pleased to assist you.

  4. What are the requirements to install the Java Toolkit onto z/OS? (top)

    In order to install the Security Toolkit for the Java Platform onto z/OS, you will need IBM’s 1.3.1 JDK for z/OS.

  5. Can I create and store an Entrust profile (.epf) on z/OS? (top)

    Yes. Many Entrust Authority customers requested the ability to create and store an Entrust profile (.epf) onto z/OS. That is the fundamental basis for all other z/OS security solutions. Once the system has been issued an Entrust profile, it is then able to partake in the many Java solutions that are offered through our Security Toolkit for the Java Platform . Also, once your profile has been issued to the mainframe system, it will benefit from the full management capabilities of Entrust’s PKI solution. PKI management capabilities like certificate revocation checking, key backup, key rollover and key recovery will be automatically applied to the profile. No additional key management facility is needed on the z/OS system once an .epf has been issued. Management takes place within the Entrust Authority environment.

  6. Can I use the Security Toolkit for the Java Platform , z/OS Edition to establish an SSL/TLS session? (top)

    Yes. One example is the ability to create secure sessions between browser-based end users and IBM WebSphere®, running on z/OS. In this scenario, you can easily make use of Secure Sockets Layer (SSL, v.2, v.3) or its replacement, Transport Layer Security (TLS v. 1.0). Both are supported within the Java Toolkit. Using the supplied Java Secure Sockets Extension™ (JSSE) API within our Toolkit, you would be able to create Java Web applications that could safely communicate across a secure and encrypted channel (HTTPS). Our JSSE implementation gives you the ability to incorporate either server-based authentication or 2-way (mutual) authentication as part of your SSL/TLS solution.

  7. What type of security solution is there for business-to-business transactions? (top)

    For complete security, the Security Toolkit for the Java Platform enables you to have a secure store and forward (SSF) mechanism for your z/OS based data. Using the Cryptographic Message Syntax Standard, PKCS #7, the Security Toolkit for the Java Platform can secure all information sent from one entity to another. In applying this solution, you could allow direct business-to-business communication across secure or open channels. Regardless of how many intermediate server paths or hops that are taken in transmission, you are assured that your sensitive information is encrypted only for its intended target. Should that file somehow end up on another machine, it would be rendered impregnable to all but the intended recipient. It is the Security Toolkit for the Java Platform z/OS Edition that brings this crucial level of security to your z/OS environment.

  8. Does the Security Toolkit for the Java Platform allow me to utilize credentials other than Entrust .epf profiles? (top)

    Yes. The Java Toolkit enables the use of either .epf credentials or the Personal Information Exchange Syntax Standard, PKCS #12. Both types of user credentials can be used in Java applications developed with the Security Toolkit for the Java Platform . This flexibility is essential in any environment where you do not have control over the issuance of user credentials but you would like to interoperate with Entrust products and solutions.

  9. Are there any differences with the Security Toolkit for the Java Platform z/OS Edition and your standard Entrust Authority™ toolkit for Java version? (top)

    Yes, but it is related to the native environment itself and not the Java programming language. There are some features of the standard version of the Security Toolkit for the Java Platform that do not run on z/OS. Specifically, any piece of our code which is dependent upon native code libraries (i.e. DLLs or .SOs) have not been ported to z/OS. For example, you could not use our Server Login Feature, Entrust Login Interface (client-side Single Sign-on agent), cryptographic hardware devices that require PKCS #11, S/MIME or Microsoft Crypto API on the z/OS platform.

If you have any questions or comments about the Toolkit, please send an email message to .

Current customers may login to online support.