RACF Protecting ICSF Services used by the PKDS Key Management Panels

The PKDS key management panels use the following ICSF callable services to create or delete PKDS records and to export or import RSA public keys to or from X.509 certificates:

CSNDKRR (PKDS Key Record Read)
   Ensures that the specified PKDS label does not already exist.
CSNDPKB (PKA Key Token Build)
   Builds the skeleton key token.
CSNDKRC (PKDS Key Record Create)
   Creates the PKDS record.
CSNDKRD (PKDS Key Record Delete)
   Deletes the PKDS record.
CSNDKRR (PKDS Key Record Read)
   Reads the record from the PKDS.
CSNDPKX (PKA Public Key Extract)
   Extracts only the public key from the record.
CSNBOWH (One-Way Hash)
   Hashes the to-be-signed portion of the generated certificate.
CSNDDSG (Digital Signature Generate)
   Signs the hash.

If you are using RACF or a similar security product, ensure that the security administrator authorizes the users of these panels to call these services and to use any cryptographic keys that are input. ICSF makes these checks against the user ID under which the panel runs: the CSFSERV class protects the callable services, and the CSFKEYS class protects the key labels. For information about ICSF callable services, see Introducing Symmetric Key Cryptography and Using Symmetric Key Callable Services in z/OS Cryptographic Services ICSF Application Programmer's Guide.
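As an added example that is not part of the ICSF documentation, the following TSO/E REXX exec issues the RACF commands an administrator would typically use to let one TSO user ID run the PKDS Keys panel. The CSFSERV resource names follow ICSF's convention of replacing the CSNB or CSND prefix of the service name with CSF (CSNDKRR becomes CSFKRR, CSNBOWH becomes CSFOWH, and so on); the user ID PKIADMIN and the PKI.* key-label prefix are assumptions chosen for illustration.

```rexx
/* REXX - grant one TSO user ID access to the ICSF callable services and
   PKDS key labels used by the PKDS Keys panel (CSFPKY00).
   Added example, not from the ICSF documentation. PKIADMIN and the
   PKI.* label prefix are assumed names; change them for your site. */
address TSO

/* CSFSERV resource for each service the panel calls:
   CSNDKRR CSNDPKB CSNDKRC CSNDKRD CSNDPKX CSNBOWH CSNDDSG          */
services = 'CSFKRR CSFPKB CSFKRC CSFKRD CSFPKX CSFOWH CSFDSG'
user     = 'PKIADMIN'

/* Activate and RACLIST the two classes if the site has not already done
   so. GENERIC(CSFKEYS) is needed for the PKI.* profile defined below.  */
"SETROPTS CLASSACT(CSFSERV) RACLIST(CSFSERV)"
"SETROPTS CLASSACT(CSFKEYS) RACLIST(CSFKEYS) GENERIC(CSFKEYS)"

/* Define each service profile with UACC(NONE), so nobody can call the
   service by default, then give the panel user READ, which is the
   access level ICSF checks before running a callable service.        */
do i = 1 to words(services)
  res = word(services, i)
  "RDEFINE CSFSERV" res "UACC(NONE)"
  "PERMIT" res "CLASS(CSFSERV) ID("user") ACCESS(READ)"
end

/* Key labels: one generic CSFKEYS profile covering the PKDS labels this
   user may create, read, export or delete through the panel.         */
"RDEFINE CSFKEYS PKI.* UACC(NONE)"
"PERMIT PKI.* CLASS(CSFKEYS) ID("user") ACCESS(READ)"

/* Refresh the in-storage (RACLISTed) copies so the changes take effect */
"SETROPTS RACLIST(CSFSERV) REFRESH"
"SETROPTS RACLIST(CSFKEYS) REFRESH"
```

RDEFINE returns a non-zero return code for a profile that already exists; in that case only the PERMIT and the REFRESH matter. Before relying on these names, check the CSFSERV resource name and the required access level for each service in the ICSF Administrator's Guide for your release, because a few services require more than READ.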

Follow these steps to manage keys in the PKDS.

Select option 6, PKDSKEYS, on the ICSF Utilities panel as shown in Figure 1.

Figure 1. Selecting the PKDSKEYS option on the ICSF Utilities Panel
 CSFUTL00 ---------------- ICSF - Utilities --------------------------
 OPTION ===> 6


 Enter the number of the desired option.

   1  ENCODE        -  Encode data
   2  DECODE        -  Decode data
   3  RANDOM        -  Generate a random number
   4  CHECKSUM      -  Generate a checksum and verification and
                       hash pattern
   5  PPKEYS        -  Generate master key values from a pass phrase
   6  PKDSKEYS      -  Manage keys in the PKDS
   7  PKCS11 TOKEN  -  Manage PKCS11 tokens





Press ENTER to go to the selected option.
Press END to exit to the previous menu.
If option 6 is selected on the Utilities panel, the ICSF - PKDS Keys panel is presented:
Figure 2. ICSF PKDS Keys Panel
 CSFPKY00 ---------------- ICSF - PKDS Keys --------------------------

 COMMAND ===>

     Enter the RSA record's label for the actions below
      ==>


     Select one of the following actions then press ENTER to process:

     -  Generate a new RSA key pair record
        Enter the key length  ===>          512, 1024, 2048, 3072 or 4096
        Enter Private Key Name (optional)
         ==>

     -  Delete the existing public key or key pair RSA record

     -  Export the RSA record's public key to a certificate data set
        Enter the DSN  ===>
        Enter desired subject's common name (optional)
         CN=

     -  Create a RSA public key record from an input certificate.
        Enter the DSN  ===>

From this panel you can manage RSA key entries in the PKDS. To create a new record or manage an existing PKDS record, supply the PKDS key label and then select an action.

Supported actions: