Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Entering master key parts z/OS Cryptographic Services ICSF Administrator's Guide SA22-7521-17 |
|
You can use the Master Key Entry panels to enter clear master key parts. The way you obtain master key parts depends on the security guidelines in your enterprise. You may receive master key parts from a key distribution center or you may generate your own key parts using the ICSF random number utility. Important:
Regardless of how you get
the master key parts, make sure the key parts are
recorded and saved in a secure location. When you are entering
the key parts for the first time, be aware that you
may need to reenter these same key values at a later date to
restore master key values that have been cleared. When you enter the RSA master key (RSA-MK) the first time, the PKA callable services control is initially disabled. Once you have entered the RSA-MK and initialized the PKDS, the PKA callable services control will be enabled automatically. When you change the RSA-MK, you need to disable the PKA callable services control. To enable and disable the PKA callable services control refer to Steps for enabling and disabling PKA callable services and PKDS updates. Note:
If your system has any CEX3C coprocessors
with the Sep. 2011 or later LIC, the PKA callable services control
will not be active. To enter master key parts that you do not generate using the random number utility, continue with Steps for entering the first master key part. To begin master key entry by generating random numbers for the key parts, continue with Generating master key data for master key entry. |
Copyright IBM Corporation 1990, 2014
|