Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Using the Pass Phrase Initialization Utility z/OS Cryptographic Services ICSF Administrator's Guide SA22-7521-17 |
|
The pass phrase initialization utility allows the casual user of ICSF to install the necessary master keys on the cryptographic coprocessors, and initialize the CKDS and PKDS with a minimal effort. This topic describes how to use this utility to get up and running quickly. The pass phrase is case sensitive and should be chosen according to these rules:
Important:
The same pass phrase will
always produce the same master key values, and is therefore as critical
and sensitive as the master key values themselves. Make sure you save
the pass phrase so that you can later reenter it if needed (for example,
if you need to restore master key values that have been cleared).
Because of the sensitive nature of the pass phrase, make sure you
secure it in a safe place. The pass phrase initialization utility can initialize a new system or initialize PCICCs, PCIXCCs, CEX2Cs, or CEX3Cs that are brought online after system initialization. You cannot use this utility to change master keys. To change master keys you need to use either the master key entry panels or the TKE workstation. Restriction: If you are running on a system with the Cryptographic Coprocessor Feature, special secure mode must be enabled. If you plan on sharing your CKDS within your sysplex, refer to Running in a Sysplex Environment for important information. If you have a z9 EC, z9 BC, z10 EC, z10 BC, or z196 installed, there is an important restriction to consider. Starting with release HCR7780, there are two formats of the CKDS: a fixed-length record (supported by all releases of ICSF) and a new, variable-length record (supported by HCR7780 and later releases). The pass phrase initialization utility can be used with either format of CKDS. |
Copyright IBM Corporation 1990, 2014
|