Scroll to navigation

IBMCA(5) IBMCA user manual IBMCA(5)


IBMCA - IBMCA is an OpenSSL engine that uses the libica library under s390x to accelerate cryptographic operations.


IBMCA accelerates cryptographic operations of applications that use OpenSSL. The engine can be configured by the IBMCA configuration file. The OpenSSL configuration file is only needed to attach the engine.


The OpenSSL configuration file can have an IBMCA section. This section includes only OpenSSL configuration options for the IBMCA engine.

Control Commands

Applications that load an OpenSSL engine can optionally send control commands to the engine. Control Commands are key value pairs. The value can be a string, a numeric integer or be null. See the engine(3) manpage for a mechanism to discover control commands.



Options for the IBMCA section in openssl.cnf:

dynamic_path = /path/to/

Set the path to the IBMCA shared object file allowing OpenSSL to find the file.

engine_id = name

Set the name of the engine. The default name is "ibmca".
OpenSSL will try to initialize the engine if this option is set to 1. If set to 0, OpenSSL will not try to initialize the engine.

default_algorithms = ALL | mechanisms

Redirect all cryptographic operations through the engine or disable types of mechanisms that the engine supports. If ALL is not used, the default_algorithms consists of a comma separated list of mechanisms : CIPHERS | DIGESTS | RSA | DH | DSA.

Only all CIPHERS and/or DIGESTS can be de/activated. Algorithms like AES can not be de/activated independently.

Control Command

IBMCA does support one optional control command:

SO_PATH: /path/to/

Replaces the current libica library by an libica library located at SO_PATH.



2017-08-24 IBM