Steps for creating ADD, UPDATE, or DELETE control statements

When you select Maintain (option 1) on the KGUP Control Statement Menu panel, the Create ADD, UPDATE, or DELETE Key Statement panel appears. See Figure 1.

 CSFCSE10----- ICSF - Create ADD, UPDATE, or DELETE Key Statement ------------
 Specify control statement information below

    Function ===> ______     ADD, UPDATE, or DELETE
    Algorithm ===> DES   DES or AES  
    Key Type ===> ________    Outtype ===> ________    (Optional)
    Label ===> ________________________________________________________________
     Group Labels  ===> NO_   NO or YES
  or Range:
    Start ===> ________________________________________________________________
    End   ===> ________________________________________________________________

     Transport Key Label(s)
          ===> ________________________________________________________________
          ===> ________________________________________________________________
  or Clear Key               ===> NO_        NO or YES

    Control Vector ===> YES  NO or YES        
    Length of Key  ===> ___  8, 16 or 24      For AES:  16, 24, or 32
    Key Values     ===> 
      ________________ ,_______________ ,________________,_____________________
    Comment Line   ===> _______________________________________________________

 Press ENTER to create and store control statement
 Press END   to exit to the previous panel without saving

1. On the panel, fill out the fields to create the ADD, UPDATE, or DELETE control statement that you want KGUP to process. Each field on the panel corresponds to a control statement keyword. The panel helps you to create a complete, syntactically correct ADD, UPDATE, or DELETE control statement.

   The panel creates control statements according to the syntax described in Syntax of the ADD and UPDATE control statements. See that topic for more information about the control statement keywords.

2. In the Function field, select the function you want KGUP to perform.

   Function

   Result

   ADD

   Enter new key entries in the CKDS. Generate and receive key values for key distribution.

   UPDATE

   Change existing entries in the CKDS. Generate and receive key values for key distribution.

   DELETE

   Remove entries from the CKDS.

   You can just type the first letter of the function in the first position in a field on the panel. For example, in Figure 2, a was entered in the Function field to specify the ADD function. ICSF recognizes the abbreviation.

   For a description of the keywords you must specify for each function, see Using the ADD and UPDATE control statements for key management and distribution functions.

   Figure 2. Selecting the ADD Function on the Create ADD, UPDATE, or DELETE Key Statement Panel

    -------------- ICSF - Create ADD, UPDATE, or DELETE Key Statement ------------
    Specify control statement information below
   
       Function ===> add___     ADD, UPDATE, or DELETE
       Algorithm ===> DES   DES or AES   
       Key Type ===> ________    Outtype ===> ________    (Optional)
       Label ===> ________________________________________________________________
        Group Labels  ===> NO_   NO or YES
     or Range:
       Start ===> ________________________________________________________________
       End   ===> ________________________________________________________________
   
        Transport Key Label(s)
             ===> ________________________________________________________________
             ===> ________________________________________________________________
     or Clear Key               ===> NO_        NO or YES
   
       Control Vector ===> YES  NO or YES        
       Length of Key  ===> ________________      For AES:  16, 24, or 32
       Key Values     ===> 
         ________________ ,_______________ ,________________,_____________________
       Comment Line   ===> _______________________________________________________
   
    Press ENTER to create and store control statement
    Press END   to exit to the previous panel without saving       

3. In the Key Type field, enter the type of key you want KGUP to process with the control statement. This field represents the TYPE keyword on the control statement.

   If you leave the Key Type Field blank and press ENTER, the Key Type Selection panel appears. See Figure 3.

   Figure 3. Selecting a Key on the Key Type Selection Panel

    CSFCSE12-------- ICSF - Key Type Selection Panel ----  ROW 1 TO 13 OF 11
    COMMAND ===>                                                  SCROLL ===> PAGE
   
    Select one key type only
        KEY TYPE      DESCRIPTION
   
       CIPHER     Data encryption/decryption key
       CIPHERXI   Input cipher text transaction key
       CIPHERXL   Cipher text transaction key
       CIPHERXO   Output cipher text transaction key
       CLRAES     Clear AES encryption/decryption key
       CLRDES     Clear DES encryption/decryption key   
       DATA       Encryption/Decryption key
       DATAM      Double-length MAC generation key
       DATAMV     Double-length MAC verification key
       DECIPHER   Data decryption key
       DKYGENKY   Diversified key-generating key
       ENCIPHER   Data encryption key
       EXPORTER   Export key encrypting key
       IMPORTER   Import key encrypting key
       IMPPKA     Limited authority key encrypting key
       IPINENC    Input PIN encrypting key
       MAC        MAC generate key
       MACVER     MAC verify key
       NULL       Dummy CKDS records
       OPINENC    Output PIN-encrypting key
       PINGEN     PIN generation key
       PINVER     PIN verification key
   ********************************BOTTOM OF DATA*********************************
   
   
   
    

   1. Type s to the left of the key type you want to specify from the displayed list of key types.

      In Figure 3, the exporter key is selected.

   2. When you have specified a key type, press ENTER to return to the Create ADD, UPDATE, or DELETE Key Statement panel, as shown in Figure 4.
   Figure 4. Completing the Create ADD, UPDATE, or DELETE Key Statement Panel

    -------------- ICSF - Create ADD, UPDATE, or DELETE Key Statement ------------
    Specify control statement information below
   
       Function ===> ADD___     ADD, UPDATE, or DELETE
       Algorithm ===> DES   DES or AES  
       Key Type ===> EXPORTER    Outtype ===> ________    (Optional)
       Label ===> ATMBRANCH5M0001_________________________________________________
        Group Labels  ===> NO_   NO or YES
     or Range:
       Start ===> ________________________________________________________________
       End   ===> ________________________________________________________________
   
        Transport Key Label(s)
             ===> tkatmbranch5m0001_______________________________________________
             ===> ________________________________________________________________
     or Clear Key               ===> NO_        NO or YES
   
       Control Vector ===> YES  NO or YES        
       Length of Key  ===> 16_  8, 16 or 24      For AES: ________________________
       Key Values     ===> 
         ________________ ,_______________ ,________________,_____________________
       Comment Line   ===> export test key _______________________________________
   
    Press ENTER to create and store control statement
    Press END   to exit to the previous panel without saving   

   If you abbreviated the control statement function, the function now appears in its full form. The type of key you selected on the Key Type Selection panel appears in the Key Type field.

4. Specify either a label or range to identify the label of the key entry in the CKDS that you want KGUP to process.
   The Label field represents the LABEL keyword on the control statement. The Range field represents the RANGE keyword on the control statement. In the Range fields, specify the first and last label in a range of labels you want KGUP to process.

   Table 1. Selecting range and label options

   Option	Steps
   To have KGUP process only one key label	Specify the key label in the Label field. Type NO in the Group Labels field.
   To have KGUP process more than one key label	Specify the first label in the Label field. Type YES in the Group Labels field.

5. Specify either a transport key label or YES in the Clear Key field.

   The Transport Key Label field represents the TRANSKEY keyword on the control statement. The Clear Key field represents the CLEAR keyword. These keywords are mutually exclusive.

   When KGUP generates a key, the program places the key value in a data set so you can send the value to another system. The other system uses the value to create the complement of the key. You send the key value as either a clear key value or a key value encrypted under a transport key.

   When KGUP imports a key value, the program may import a clear or encrypted key value. KGUP decrypts the encrypted key value from under the transport key that you specify in the Transport Key Label field.

   Table 2. Selecting the Transport Key Label and Clear Key Label Options

   Option	Steps
   To have KGUP generate a key other than an importer key and encrypt the key value	Specify the label of the transport key you want KGUP to use to encrypt the key in the Transport Key Label field. Type NO in the Clear Key field.
   To have KGUP generate a key other than an importer key and leave the key value in the clear	Leave the Transport Key Label field blank Type YES in the Clear Key field.
   To have KGUP import an encrypted key	Specify the label of the transport key you want KGUP to use to dencrypt the key in the Transport Key Label field. Type NO in the Clear Key field.
   To have KGUP import a clear key	Leave the Transport Key Label field blank Type YES in the Clear Key field.

6. Specify either YES or NO in the Control Vector field.

   Usually the cryptographic facility exclusive ORs a transport key with a control vector prior to the transport key encrypting a key. However, if your system is exchanging keys with a system like PCF that does not use control vectors, you need to specify that no control vector be used. If you want KGUP to generate a transport key that uses a control vector, type YES in the Control Vectors field. Otherwise type NO. If you type NO in this field, the control statement contains the NOCV keyword.

7. If you want KGUP to work with a single-length key in its processing, type YES in the Length of Key field. Otherwise, type NO. If you type YES in the field, the control statement contains the LENGTH keyword.
8. If you are entering a key value, enter the key value in the Key Values field.

   You enter the value as three values if the key is a triple-length key, two values if the key is a double-length key, or as one value if the key is a single-length key. The Key Values field represents the KEY keyword on the control statement.

9. In the Comment Line field, you can enter up to 45 characters of information about the control statement. The information appears as a comment that precedes the control statement in the input control statement data set.
10. When you enter all the information on this panel, press ENTER.

    If you entered YES in the Group Labels field, the Group Label panel appears. See Figure 5.

    Figure 5. Specifying Multiple Key Labels on the Group Label Panel

     CSFCSE11 ----------------- ICSF - Group Label Panel ------------------
     COMMAND ===>
    
     First label:
    
       ATMBRANCH5M0001_________________________________________________
    
     Enter at least one other label:
    
       ATMBRANCH5M0020_________________________________________________
       ATMBRANCH5M0030_________________________________________________
       ATMBRANCH5M0050_________________________________________________
       ________________________________________________________________
       ________________________________________________________________
       ________________________________________________________________
       ________________________________________________________________
       ________________________________________________________________
       ________________________________________________________________
    
    
    
    
     Press ENTER to add more labels or create and store control statement
     Press END   to exit to the previous panel without saving

    1. Enter any additional key labels you want KGUP to process with the control statement.

       The first label you entered in the Label field of the Create ADD, UPDATE, or DELETE Key Statement panel appears at the top of this panel. If you enter duplicate labels, an error message appears on the right side of the panel and the cursor appears on the duplicate label. If the syntax of the label is incorrect, an error message appears and the cursor appears on the incorrect label.

    2. If you have more labels than will fit on this panel, press the ENTER key when you have filled each line on the panel. An additional Group Label Panel appears. Type the remaining labels and press ENTER.

       ICSF writes the control statement to the input control statement data set. You return to the Create ADD, UPDATE, or DELETE Key Statement panel.

    If you entered NO in the Group Labels field, you do not access the Group Label panel. You remain on the Create ADD, UPDATE, or DELETE Key Statement panel.

11. Press ENTER to have ICSF write the control statement in the input control statement data set.

    If a specification in any field is incorrect, when ICSF processes the control statement it displays an appropriate message on the top line of the panel. The cursor then appears in the field with the error. To display the long version of the error message at the bottom of the panel, press the HELP key (F1). If you correct the error and press ENTER again, ICSF writes the control statement to the control statement input data set.

    If a control statement was created, the message SUCCESSFUL UPDATE appears on the right side of the top line of the panel, as shown in Figure 6.

    Figure 6. Create ADD, UPDATE, or DELETE Key Statement Panel Showing Successful Update

     -------------- ICSF - Create ADD, UPDATE, or DELETE Key Statement ------------
     Specify control statement information below
    
        Function ===> ADD___     ADD, UPDATE, or DELETE
        Algorithm ===> DES   DES or AES  
        Key Type ===> EXPORTER    Outtype ===> ________    (Optional)
        Label ===> ATMBRANCH5M0001_________________________________________________
         Group Labels  ===> NO_   NO or YES
      or Range:
        Start ===> ________________________________________________________________
        End   ===> ________________________________________________________________
    
         Transport Key Label(s)
              ===> TKATMBRANCH5M0001_______________________________________________
              ===> ________________________________________________________________
      or Clear Key               ===> NO_        NO or YES
    
        Control Vector ===> YES  NO or YES      
        Length of Key  ===> 16 8, 16 or 24      For AES:  _________________________
        Key Values     ===> 
          ________________ ,_______________ ,________________,_____________________
        Comment Line   ===> EXPORT TEST KEY________________________________________
    
     Press ENTER to create and store control statement
     Press END   to exit to the previous panel without saving

12. If you want to create another ADD, UPDATE, or DELETE control statement, enter new information in the fields to create the control statement.
13. When you specify the information, press ENTER to place the control statement in the control statement input data set.
14. If you do not want to create another ADD, UPDATE, or DELETE control statement, press END to return to the KGUP Control Statement Menu panel.