Verifying that Cryptographic Hardware is Used

To verify that cryptographic hardware is being used, set the debug level for SecShPluginCipherZosIcsf to 10. Setting all debug to level 10 would have the same result, but you would end up with a large amount of data to look through.

You can use this command from USS to verify that cryptographic hardware is enabled:

> sshg3 -DSecShPluginCipherZosIcsf=10

The command should produce the following type of output:

Development-time debugging is enabled.
Setting debug level string to 'SecShPluginCipherZosIcsf=10'.

state_determine: Hardware for 3des-cbc:  CPACF
state_determine: Hardware for aes128-cbc: CPACF
state_determine: Hardware for aes192-cbc: CPACF
state_determine: Hardware for aes256-cbc: CPACF

Remote system type is POSIX (z/OS).