Key data set management
ICSF provides key stores for symmetric and asymmetric operational key tokens. Symmetric key tokens (AES, DES and HMAC) are stored in the Cryptographic Key Data Set (CKDS). Asymmetric key tokens (RSA and ECC) and trusted blocks are stored in the Public Key Data Set (PKDS).
In order to store operational key tokens encrypted under a master key in the CKDS or PKDS, the corresponding master key must be loaded into a CCA coprocessor and the coprocessor must be active. Tokens with a key value in the clear do not require a coprocessor to be available or active to store the token in the CKDS or PKDS.
This topic describes the callable services that manage key tokens in the key stores.
- CKDS Key Record Create (CSNBKRC and CSNEKRC)
- CKDS Key Record Create2 (CSNBKRC2 and CSNEKRC2)
- CKDS Key Record Delete (CSNBKRD and CSNEKRD)
- CKDS Key Record Read (CSNBKRR and CSNEKRR)
- CKDS Key Record Read2 (CSNBKRR2 and CSNEKRR2)
- CKDS Key Record Write (CSNBKRW and CSNEKRW)
- CKDS Key Record Write2 (CSNBKRW2 and CSNEKRW2)
- Coordinated KDS Administration (CSFCRC and CSFCRC6)
- ICSF Multi-Purpose Service (CSFMPS and CSFMPS6)
- Key Data Set List (CSFKDSL and CSFKDSL6)
- Key Data Set Metadata Read (CSFKDMR and CSFKDMR6)
- Key Data Set Metadata Write (CSFKDMW and CSFKDMW6)
- Key Data Set Record Retrieve (CSFRRT and CSFRRT6)
- Key Data Set Update (CSFKDU and CSFKDU6)
- PKDS Key Record Create (CSNDKRC and CSNFKRC)
- PKDS Key Record Delete (CSNDKRD and CSNFKRD)
- PKDS Key Record Read and PKDS Key Record Read2 (CSNDKRR or CSNDKRR2 and CSNFKRR or CSNFKRR2)
- PKDS Key Record Write (CSNDKRW and CSNFKRW)