If you are running with the Cryptographic Coprocessor Feature, this service requires that the ANSI system keys be installed on the CKDS.

The following table shows the access control points in the ICSF role that control the function of this service.

A “replicated key-halves" key (both cleartext halves of a double-length key are equal) is not as secure as a double-length key with key halves that are not the same. The key part import service verb enforces the key-halves restriction documented above when the Key Part Import - Unrestricted access control point is disabled in the ICSF role.

This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.

Table 48. Key part import required hardware

Server	Required cryptographic hardware	Restrictions
IBM zSeries 900	Cryptographic Coprocessor Feature	Only key type AKEK is supported ENH-ONLY, USECONFG, WRAP-ENC and WRAP-ECB not supported.
	PCI Cryptographic Coprocessor	ICSF routes all requests to the PCI Cryptographic Coprocessor except for key type of AKEK. AKEK is always processed on the Cryptographic Coprocessor Feature. Key type AKEK is not supported. ENH-ONLY, USECONFG, WRAP-ENC and WRAP-ECB not supported.
IBM zSeries 990 IBM zSeries 890	PCI X Cryptographic Coprocessor Crypto Express2 Coprocessor	AKEK key types are not supported. ENH-ONLY, USECONFG, WRAP-ENC and WRAP-ECB not supported.
IBM System z9 EC IBM System z9 BC	Crypto Express2 Coprocessor	AKEK key types are not supported. ENH-ONLY, USECONFG, WRAP-ENC and WRAP-ECB not supported.