ICT023I KEY label HAS INCORRECT PARITY
Explanation
The key-encrypting key identified by label has been read from the cryptographic key data set (CKDS) by the key manager and the key manager has determined that the clear form of the key has bad parity.
This situation can occur if there is a problem with the CKDS. It can also occur when the CKDS used to initialize the host master key in storage has been replaced by a CKDS that contains a different host master key but storage was not reinitialized. Storage is initialized the first time you start the Programmed Cryptographic Facility or run the key generator utility program after an IPL. It is reinitialized when the key generator utility program is used to change the host master key (CHGM function).
System action
Key manager processing ends.
Operator response
Notify the system programmer.
System programmer response
If the CKDS was replaced, compare the two output listings produced by running the key generator utility program: one when setting the host master key in the CKDS that is currently on the system and the other when setting the host master key in the CKDS that was used to initialize storage.
- Replace the CKDS on the system with a CKDS that contains the same host master key as the one in storage. To replace the data set, stop the Programmed Cryptographic Facility and restart it with an operator START command that specifies the name of the CKDS that contains the correct value for the host master key. Rerun the job that failed.
- Reinitialize storage so that the value of the host master key in storage matches the value in the CKDS currently on the system. To reinitialize storage, you can re-IPL the system and restart the Programmed Cryptographic Facility with an operator START command that specifies the name of the CKDS currently on the system. Or, you can reinitialize storage with the key generator utility program, using the CHGM function and specifying a host master key value that matches the value on the current CKDS. To run the key generator utility program, stop the Programmed Cryptographic Facility, run the utility when there are no cryptographic sessions or jobs running on the system, and restart the facility. Rerun the job that failed.
If host master keys are identical, or if the CKDS was not replaced, use a backup copy of the CKDS. Stop the Programmed Cryptographic Facility and restart it specifying the name of the backup CKDS in the START command. Do not use the original data set again. Rerun the job that failed.
Source
Programmed Cryptographic Facility (PCF)
Routing code
9
Descriptor code
4