z/OS Cryptographic Services ICSF Application Programmer's Guide


Callable Services to Update the Public Key Data Set (PKDS)

SA22-7522-16

The Public Key Data Set (PKDS) is a repository for DSS, ECC, and RSA public and private keys and for trusted blocks. An application can store a key in the PKDS and then refer to it by label in any callable service that accepts a public key token as input, so the token itself never has to be held in application storage. The PKDS update callable services create records in the PKDS, write to existing records, and read and delete records.

PKDS Key Record Create Callable Service (CSNDKRC and CSNFKRC)

This service accepts an RSA, DSS, or ECC private key token (in external or internal format), an RSA, DSS, or ECC public key token, or a trusted block, and writes a new record to the PKDS. An application can create a null record, reserving the label without storing a key, by specifying a token length of zero. The key label must be unique: the service does not replace a record that already exists under that label.

PKDS Key Record Delete Callable Service (CSNDKRD and CSNFKRD)

This service deletes a record from the PKDS. An application can specify that the entire record be deleted, or that only the contents of the record be deleted. If only the contents are deleted, the record still exists in the PKDS but contains only binary zeros, so the label remains allocated and cannot be reused by the Key Record Create service. The key label must be unique.

Note:
Retained keys cannot be deleted from the PKDS with this service. See Retained Key Delete (CSNDRKD and CSNFRKD) for information on deleting retained keys.

PKDS Key Record Read Callable Service (CSNDKRR and CSNFKRR)

This service reads a record from the PKDS and returns the contents of that record to the caller. The key label must be unique.

PKDS Key Record Write Callable Service (CSNDKRW and CSNFKRW)

This service accepts an RSA, DSS, or ECC private key token (in external or internal format), an RSA, DSS, or ECC public key token, or a trusted block, and writes over an existing record in the PKDS. An application can ask the service to check that the record with the given label is a null record and to write only if it is; this protects a key that is already in use from being replaced by mistake. Alternatively, an application can specify that the record be overwritten regardless of its contents. In either case the record must already exist; a new label is added with the Key Record Create service.

Note:
Retained keys cannot be written to the PKDS with the PKDS Key Record Write service, nor can a retained key record in the PKDS be overwritten with this service.
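The four services above form one record lifecycle: create (possibly as a null record), write with or without a null check, read, and delete contents or the whole record. The following C program is an added example, not code from this publication and not ICSF code: it makes no call to CSNDKRC, CSNDKRD, CSNDKRR or CSNDKRW but models the rules the text states in an in-memory table so they can be exercised offline. Everything not stated on this page is an assumption of the model: the result codes, the table and token size limits, the 64-byte blank-padded label field, the decision to treat a record whose contents were deleted as a null record for the write check, and the mode names WRITE_CHECK and WRITE_OVERWRITE, which are named after the rule_array keywords I recall for CSNDKRW and should be verified against that service's own topic.

```c
/* Added example, not ICSF code: an in-memory model of the PKDS record rules
 * described above (create, write, read, delete). It makes no ICSF calls; the
 * storage layout, result codes, size limits and mode names are this model's
 * own assumptions, chosen to make the documented rules concrete and testable. */
#include <stdio.h>
#include <string.h>

#define LABEL_LEN   64      /* key label field: 64 bytes, left-justified, blank padded */
#define MAX_RECORDS 8       /* model limit (assumption) */
#define MAX_TOKEN   3500    /* model limit on token size (assumption) */

enum pkds_rc { PKDS_OK, PKDS_NOT_FOUND, PKDS_EXISTS, PKDS_NOT_NULL, PKDS_FULL, PKDS_BAD_LEN };
enum write_mode  { WRITE_CHECK, WRITE_OVERWRITE };   /* named after the CSNDKRW rule keywords (assumption) */
enum delete_mode { DELETE_RECORD, DELETE_CONTENTS };

struct pkds_record { int in_use; char label[LABEL_LEN]; size_t len; unsigned char token[MAX_TOKEN]; };
struct pkds { struct pkds_record rec[MAX_RECORDS]; };

/* Left-justify and blank-pad the caller's label into the 64-byte field. */
static void normalize_label(const char *in, char out[LABEL_LEN]) {
    size_t n = strlen(in);
    memset(out, ' ', LABEL_LEN);
    memcpy(out, in, n > LABEL_LEN ? LABEL_LEN : n);
}

static struct pkds_record *find(struct pkds *p, const char *label) {
    char key[LABEL_LEN];
    normalize_label(label, key);
    for (int i = 0; i < MAX_RECORDS; i++)
        if (p->rec[i].in_use && memcmp(p->rec[i].label, key, LABEL_LEN) == 0) return &p->rec[i];
    return NULL;
}

/* Key Record Create: the label must be unique; a zero length creates a null record. */
enum pkds_rc pkds_create(struct pkds *p, const char *label, const unsigned char *tok, size_t len) {
    if (len > MAX_TOKEN) return PKDS_BAD_LEN;
    if (find(p, label)) return PKDS_EXISTS;
    for (int i = 0; i < MAX_RECORDS; i++) {
        struct pkds_record *r = &p->rec[i];
        if (r->in_use) continue;
        memset(r, 0, sizeof *r);
        r->in_use = 1;
        normalize_label(label, r->label);
        if (len) memcpy(r->token, tok, len);
        r->len = len;
        return PKDS_OK;
    }
    return PKDS_FULL;
}

/* Key Record Write: the record must already exist. WRITE_CHECK succeeds only if
 * the record is null (never written, or contents deleted); WRITE_OVERWRITE
 * replaces whatever is there. Default to WRITE_CHECK so a live key is never
 * clobbered by accident. */
enum pkds_rc pkds_write(struct pkds *p, const char *label, enum write_mode mode,
                        const unsigned char *tok, size_t len) {
    struct pkds_record *r = find(p, label);
    if (!r) return PKDS_NOT_FOUND;
    if (len == 0 || len > MAX_TOKEN) return PKDS_BAD_LEN;
    if (mode == WRITE_CHECK && r->len != 0) return PKDS_NOT_NULL;
    memset(r->token, 0, sizeof r->token);
    memcpy(r->token, tok, len);
    r->len = len;
    return PKDS_OK;
}

/* Key Record Read: *len is the buffer size on input and the token size on output. */
enum pkds_rc pkds_read(struct pkds *p, const char *label, unsigned char *out, size_t *len) {
    struct pkds_record *r = find(p, label);
    if (!r) return PKDS_NOT_FOUND;
    if (r->len > *len) return PKDS_BAD_LEN;
    memcpy(out, r->token, r->len);
    *len = r->len;
    return PKDS_OK;
}

/* Key Record Delete: DELETE_CONTENTS zeroes the token but keeps the record, so the
 * label stays reserved and a later Create with it fails; DELETE_RECORD frees the slot. */
enum pkds_rc pkds_delete(struct pkds *p, const char *label, enum delete_mode mode) {
    struct pkds_record *r = find(p, label);
    if (!r) return PKDS_NOT_FOUND;
    if (mode == DELETE_CONTENTS) { memset(r->token, 0, sizeof r->token); r->len = 0; }
    else memset(r, 0, sizeof *r);
    return PKDS_OK;
}

int main(void) {
    struct pkds p = {0};
    const unsigned char tok[] = "constructed-sample-token";   /* constructed stand-in for a key token */
    const char *lbl = "APP.RSA.SIGN.2014";                     /* hypothetical label */
    unsigned char buf[MAX_TOKEN]; size_t n = sizeof buf;
    printf("create null    : %d\n", pkds_create(&p, lbl, NULL, 0));
    printf("write CHECK    : %d\n", pkds_write(&p, lbl, WRITE_CHECK, tok, sizeof tok));
    printf("write CHECK #2 : %d (record is no longer null)\n", pkds_write(&p, lbl, WRITE_CHECK, tok, sizeof tok));
    printf("read           : %d, %zu bytes\n", pkds_read(&p, lbl, buf, &n), n);
    printf("delete contents: %d\n", pkds_delete(&p, lbl, DELETE_CONTENTS));
    printf("create again   : %d (label still reserved)\n", pkds_create(&p, lbl, NULL, 0));
    return 0;
}
```

The sequence in main is the pattern a practitioner would follow on a real system: reserve the label with a null record, then fill it with the checked write so that a second writer (or a re-run of the same job) cannot silently replace a key that is already in use; unconditional overwrite is reserved for deliberate key replacement. Deleting only the contents keeps the label reserved, which is the right choice when the label is referenced by other applications and will be refilled, while deleting the record frees the label entirely.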

Copyright IBM Corporation 1990, 2014