Updating the PKDS with the ECC master key

On systems that support the ECC master key, you can add the ECC master key to any existing PKDS. It is also possible to add the RSA master key to a PKDS that was initialized with only the ECC master key.

There are two options for updating the PKDS on the PKDS Operations panel.
These are the steps to update the PKDS:
  1. Load the new ECC master key by using the master key entry panels or by using TKE. The ECC master key must be loaded on all active coprocessors.
  2. From the ICSF Primary Menu panel, select option 2, MASTER KEY MGMT.
  3. From the CSFMKM10 — Key Data Set Management panel, select option 2 for PKDS MK MANAGEMENT.
  4. The CSFMKM30 — PKDS Management panel appears, select option 1, PKDS OPERATIONS.
  5. The CSFCKD30 — PKDS Operations panel appears. In the PKDS field, enter the name of an existing, initialized PKDS.
  6. If updating multiple PKDS, for all but the last PKDS, choose option 3, Update an existing PKDS, and press ENTER. ICSF will check the status of the new master key registers and the master key verification pattern of the master key is written to the PKDS header record.
    Note: All the PKDSs that you wish to update should be processed prior to going to step 6.
  7. If updating the last or only PKDS, choose option 4, Update an existing PKDS and activate master keys, and press ENTER. ICSF will check the status of the new master key registers and that the master key verification pattern of the master key is written to the PKDS header record. The PKDS will become the active PKDS and set the master key.
Parent topic: PKDS