ICSF provides a set of callable services that allow applications to dynamically update the CKDS. Applications can use the CKDS Key Record Create service to create new records in the CKDS, the CKDS Key Record Write service to write a key token to an existing record, and CKDS Key Record Delete service to remove a record from the CKDS. These dynamic updates affect both the DASD copy of the CKDS currently in use and the in-storage copy. Another service allows an application to retrieve the key token from a record in the in-storage CKDS. That token can be used directly in subsequent CALLs to cryptographic services. The Key Part Import and Key Part Import2 callable services combines the clear key parts and returns the key value either in an internal key token or as a dynamic update to the CKDS. For more information on using the dynamic CKDS update services or the key part import services, see z/OS Cryptographic Services ICSF Application Programmer's Guide.