The key Generate callable service generates a single DES or AES key or a pair of DES keys. The Key Generate2 callable service generates a single AES or HMAC key or a pair of AES or HMAC keys. Unlike KGUP, the key generate callable service does not store the keys in the CKDS, but returns them to the application program that called the service. The application program can then call the dynamic CKDS update service to store the keys in the CKDS.
Use of these callable services is optional and should be enabled as required for authorized usage. Enabling these callable services is not recommended for production and usage requires special consideration.
For more information about these callable services, see z/OS Cryptographic Services ICSF Application Programmer's Guide.