z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Usage Notes

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

RACF will be invoked to check authorization to use this service.

PKA key generate available indicates the PKA callable services are enabled and there is at least one ACTIVE coprocessor.

The options ICSFSTAT and ICSFST2 report on the state of PKA callable services. ICSFSTAT reports it in element 2. ICSFST2 reports it in elements 3 and 11. There is a subtle difference between the three options. ICSFSTAT reports PKA callable services as enabled only after the DES master key is loaded and valid. ICSFSTAT does not report PKA callable services as enabled when only the AES master key is loaded and valid. Option ICSFST2 element 3 reports PKA callable services as enabled when the DES and/or AES master key is loaded and valid. Option ICSFST2 element 11 reports PKA callable services as enabled when neither the DES nor AES master keys are loaded and valid.

Note:
If your system has CEX3C coprocessors, the PKA callable services control will not be available. The PKA callable services state will be the same as the RSA master key. If the RSA master key is active, the PKA callable services will be enabled in the ICSFSTAT and ICSFST2 reports.

This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.

Table 278. ICSF Query Service required hardware
ServerRequired cryptographic hardwareRestrictions
IBM eServer zSeries 900None.
IBM eServer zSeries 990

IBM eServer zSeries 890

None.
IBM System z9 EC

IBM System z9 BC

None.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014