How Elliptic Curve Cryptography (ECC) Is Implemented in IBM i

IBM 4770

Hey everyone! If you caught my last post on the fundamentals of Elliptic Curve Cryptography (ECC)—its history, math, and why it’s a game-changer over RSA—thanks for the read! Today, we’re building on that with a follow-up focused on the practical side: how ECC is implemented in IBM i. As an enterprise OS running on IBM Power Systems, IBM i (formerly AS/400) has robust built-in support for cryptography, making it a staple in banking, finance, and secure data environments. ECC fits right in, offering efficient public-key operations with hardware acceleration.

Whether you’re an IBM i admin, developer, or just curious about enterprise crypto, this post will break down the implementation, from hardware to APIs, and show how to put it to work. Let’s dive in!t

On IBM i, ECC is deeply integrated into the operating system, cryptographic services, and network security stack. If you are running modern IBM i releases and still relying heavily on RSA, you are likely missing both performance gains and security improvements.

This post explains where ECC lives in IBM i, how it is implemented, and how it is used in real-world IBM i environments.

A Quick Recap and Why IBM i Matters for ECC

To refresh: ECC uses points on elliptic curves over finite fields for public-key crypto, relying on the ECDLP for security. It’s lighter on resources than RSA, perfect for high-volume transactions.

Elliptic Curve Cryptography

IBM i integrates ECC through its security framework, emphasizing hardware-secured operations to meet standards like FIPS 140. This isn’t just software emulation—IBM i leverages dedicated cryptographic coprocessors for speed and tamper resistance. Support for ECC has been around since earlier releases (like V6R1), but it’s matured in versions like 7.3 and beyond, with seamless ties to tools like Digital Certificate Manager (DCM) for SSL/TLS.

In enterprise setups, ECC on IBM i shines for secure communications, digital signatures, and key exchanges, especially where compliance (e.g., PCI DSS) demands strong crypto without bogging down the system.

ECC in IBM i: Big Picture

IBM i does not treat ECC as a bolt-on feature. Instead, ECC is implemented across multiple layers:

  • Hardware Security Modules (HSMs)
  • Licensed Internal Code (LIC) & Cryptographic Services APIs
  • Digital Certificate Manager (DCM) – DCM generates ECC certs for apps, stored in HSM.
  • TLS / SSL stack – Offload handshakes to coprocessors for HTTPS, VPNs.
  • OpenSSH
  • IBM i Access and HTTP servers

From application-level encryption to secure network communications, ECC is part of IBM i’s core security design.

Hardware Foundation: Cryptographic Coprocessors

At the heart of ECC implementation in IBM i is hardware acceleration via Cryptographic Coprocessors. These are PCIe-based Hardware Security Modules (HSMs) that offload crypto tasks from the CPU, boosting performance and security.

Key models include:

  • IBM 4770: The 4770 Cryptographic Coprocessor is available on the Power 11 model as hardware feature codes EPG4, EPG5, or EPG6.
  • IBM 4769 PCIe Cryptographic Coprocessor: The go-to for modern Power9 and Power10 systems. It supports ECC natively, handling operations like key generation and signatures at hardware speed.
  • IBM 4767 and 4765: IBM 4767 s no longer available but still supported, with ECC enabled via specific Function Control Vectors (FCVs) like FCVECC4765.CRT.
  • IBM 4764: Older but compatible for basic PKA (Public Key Algorithm) tasks.

These coprocessors are tamper-resistant, FIPS 140-certified, and destroy sensitive data if physically compromised (e.g., extreme temperature changes). To enable ECC:

  1. Install the hardware (e.g., feature codes EJ35/EJ37 for 4769).
  2. Load the FCV using the Cryptographic_Facility_Control (CSUACFC) API or IBM Navigator for i wizard.
  3. Configure via CL commands like VRYCFG to vary on the device.

Software prerequisites:

  • IBM i Option 35 (CCA Cryptographic Service Provider).
  • 5733-CY3 (Cryptographic Device Manager for firmware).
  • Option 34 (Digital Certificate Manager) for cert integration

Read more on: https://www.ibm.com/docs/en/i/7.6.0?topic=coprocessor-requirements

With hardware in place, ECC operations are faster—think 10x speedup for TLS handshakes compared to software-only—and more secure, as keys never leave the HSM.

Cryptographic Foundations in IBM i

IBM i provides cryptography through IBM i Cryptographic Services, which expose standardized APIs for:

  • Key generation
  • Digital signatures
  • Hashing
  • Encryption and decryption
  • Secure random number generation

ECC support is implemented through:

  • Elliptic Curve Digital Signature Algorithm (ECDSA)
  • Elliptic Curve Diffie–Hellman (ECDH)

These services rely on NIST-approved curves, such as:

  • P-256
  • P-384
  • P-521

Licensed Internal Code (LIC) & Cryptographic Services

IBM i provides core crypto via IBM i Cryptographic Services, which are standardized APIs built into the OS.

These APIs expose:

Key generation
Digital signatures
Secure random numbers
Encryption / decryption
ECC support is included via:

ECDSA (Elliptic Curve Digital Signature Algorithm)
ECDH / ECDHE (Elliptic Curve Diffie–Hellman / Ephemeral)

Modern elliptic curves (e.g., secp256r1, secp384r1) are used for these operations, providing equivalent security to much larger RSA keys with lower CPU cost and smaller signatures/certificates.

ECC and Digital Certificate Manager (DCM)

ECC Certificates in IBM i

The Digital Certificate Manager (DCM) is the primary interface for managing certificates on IBM i. DCM fully supports ECC-based certificates.

You can:

  • Create/Generate ECC key pairs
  • Generate/Produce ECC Certificate Signing Requests (CSRs)
  • Import ECC certificates from external Certificate Authorities
  • Assign ECC certificates to applications
IBM DCM Certificate Creation

Most public CAs now support ECC certificates, making ECC deployment straightforward. IBM i documentation confirms that DCM supports ECC public-key algorithms alongside RSA when generating certificates.

Benefits of ECC certificates:

  • Smaller certificate sizes
  • Stronger security per bit
  • Faster TLS handshake performance
  • Lower CPU utilisation vs equivalently secure RSA certificates

These advantages make ECC especially valuable for high-traffic web APIs, mobile integrations, and TLS endpoints.

ECC in TLS and SSL on IBM i

TLS Handshake with ECC

IBM i supports ECC in TLS through:

  • ECDHE (Elliptic Curve Diffie–Hellman Ephemeral)
  • ECDSA (for authentication)

Modern TLS cipher suites on IBM i commonly look like:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • Perfect Forward Secrecy
  • Strong authentication
  • Efficient encryption

Where TLS with ECC Is Used

ECC-enabled TLS is used by:

  • IBM HTTP Server for i
  • Integrated Web Services (IWS)
  • Db2 for i secure connections
  • FTP over TLS
  • SMTP over TLS
  • REST APIs

If TLS 1.2 or TLS 1.3 is enabled, ECC is usually preferred automatically.

ECC in OpenSSH on IBM i

IBM i OpenSSH supports ECC key types such as:

  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521

Why Use ECC SSH Keys

  • Faster authentication
  • Smaller key files
  • Stronger cryptography
  • Better performance for automation

ECC SSH keys work especially well for:

  • Automated jobs
  • CI/CD pipelines
  • Secure file transfers
  • Administrative access

ECC and IBM i Cryptographic APIs for Applications

Application-Level ECC Usage

Developers can use ECC through:

  • C/C++ APIs
  • ILE programs
  • Java Cryptography Architecture (JCA)
  • PASE OpenSSL libraries

Typical application use cases:

  • Secure key exchange
  • Digital signing of transactions
  • Authentication tokens
  • Secure API communication

ECC enables strong security without heavy CPU cost, which matters in high-throughput IBM i workloads.

How ECC Works in IBM i

ECC in IBM i follows the standard curve-based model but is wrapped in the Common Cryptographic Architecture (CCA) for hardware ops. Keys are points on NIST-approved curves (e.g., P-256, P-384), with security from ECDLP.

Key Generation and Management

  • Process: Use APIs to generate ECC key pairs (private d, public Q = d * G).
  • Keystores: ECC keys live in PKA Keystores (distinct from DES/AES ones).
    • Create with CRTCKMKSF or QC3CRTKS.
    • CRTCKMKSF KEYSTORE(MYLIB/MYKEYS) MSTKEY(1) AUT(*EXCLUDE) TEXT('Master Key Store')
  • Master Keys: All keys are protected by 256-bit AES master keys.
    • Load parts with ADDMSTPART or QC3LDMKP, set with SETMSTKEY.
    • ADDMSTPART MSTKEY(*SAVRST) PASSPHRASE('This is a passphrase for master key') PASSLEN(*CALC)
  • SETMSTKEY MSTKEY(1)
  • Generate ECC key: GENCKMKSFE FILE(MYLIB/PKASTORE) TYPE(*ECC) SIZE(256).
  • Export public key: QC3EXTPB for sharing.
  • Hardware Storage: For max security, generate and retain keys in the coprocessor HSM—private keys never hit disk.

Keys include an Environment ID (EID) for origin verification, and management handles versions (new/current/old) for rotation.

Performance Benefits of ECC on IBM i

ECC significantly reduces cryptographic overhead.

Practical Benefits

  • Faster TLS handshakes
  • Reduced CPU spikes
  • Better scalability under load
  • Lower memory usage

For environments with:

  • High transaction volume
  • Web services
  • External integrations

ECC improves both security and performance.

ECC vs RSA in IBM i Environments

FeatureRSAECC
Key SizeLargeSmall
CPU UsageHighLow
TLS PerformanceSlowerFaster
Mobile/IoTWeak fitExcellent fit
Future ReadinessDecliningPreferred

IBM strongly recommends ECC-based cipher suites in modern configurations.

Compliance and Standards Support

ECC on IBM i aligns with:

  • NIST recommendations
  • PCI DSS requirements
  • Financial-sector security standards
  • Government cryptographic policies

This makes ECC suitable for:

  • Banking
  • Insurance
  • Healthcare
  • Government systems

Common Mistakes When Using ECC on IBM i

  • Keeping RSA-only certificates
  • Allowing weak cipher suites
  • Not enabling ECDHE
  • Using outdated TLS versions
  • Ignoring DCM configuration defaults

A simple certificate and TLS review often unlocks ECC benefits immediately.

Best Practices for ECC on IBM i

Prefer ECDHE + ECDSA cipher suites

  • Use TLS 1.2 or TLS 1.3 only
  • Replace RSA certificates with ECC where possible
  • Use DCM consistently
  • Leverage HSMs for sensitive keys
  • Regularly review cipher configurations
  • Master Key Management: Always back up via SAVSYS
  • Updates: After OS upgrades (e.g., to 7.5+), re-encrypt keystores with TRNCKMKSF.
  • Testing: Verify with CHKMSTKVV or QC3TSTMK.
  • If you’re on older hardware, upgrade to 4769 for full ECC perks.

Final Thoughts

ECC is not experimental on IBM i—it is production-proven, optimized, and recommended. IBM i administrators who embrace ECC gain stronger security, better performance, and improved future readiness.

If your IBM i environment still depends mainly on RSA, the transition to ECC is one of the highest-impact security improvements you can make.

  1. Digital Certificate Manager (DCM) overview (IBM i 7.4 documentation) — Describes managing digital certificates (including ECC/ ECDSA certificates) and using them for TLS: https://www.ibm.com/docs/en/i/7.4.0?topic=security-digital-certificate-manager
  2. IBM i Security Digital Certificate Manager PDF (V7R5) — Explicitly notes that DCM supports ECC and RSA public-key algorithms when generating certificates: https://www.ibm.com/docs/en/ssw_ibm_i_75/pdf/rzahupdf.pdf
  3. IBM Support: Configuring IBM i SSL/TLS protocols & cipher suites — Shows how ECDHE/ECDSA cipher suites are part of IBM i TLS configurations and how to manage them: https://www.ibm.com/support/pages/configuring-your-ibm-i-system-secure-sockets-layer-ssltransport-layer-security-tls-protocols-and-cipher-suites
  4. IBM i 7.4 Technology Release 2 enhancements — Confirms TLS updates that include newer ECC groups (like x25519/x448) in the default named elliptic curves list: https://as400.midlandinfosys.com/ibm-i-v7r4-tr2-announcement-details-os400-enhancements
  5. SSL/TLS cipher suite guidelines — Common strong ECC-compatible cipher suites (ECDHE_ECDSA, AES-GCM) recommended for IBM i hardened TLS configurations: https://www.conversesystems.com/blog/ibm-i-ssl-tls-implementation-hardening-guidelines
  6. Elliptic curve cryptography functions (generic ECC reference) — Explains how ECC key pairs/ functions are structured and used in TLS (applicable conceptually to how ECC works in IBM stacks): https://www.ibm.com/docs/en/linux-on-systems?topic=apis-elliptic-curve-ecc-functions Note: While this is generic IBM documentation, the ECC concepts apply similarly within IBM i’s SSL/TLS and crypto layers.
  7. OpenSSH release notes — Shows ECC (ecdsa key types) are supported and evolving in modern SSH implementations: https://www.openssh.com/releasenotes.html

Spread the Word !

Shares

Leave a Reply