The pass phrase initialization utility allows the casual user of ICSF to install the necessary master keys on the cryptographic coprocessors, and initialize the CKDS and PKDS with a minimal effort. This topic describes how to use this utility to get up and running quickly.

The pass phrase is case sensitive and should be chosen according to these rules:

• It can contain a minimum of 16 and a maximum of 64 characters.
• It can include any characters in the EBCDIC character set.
• It can contain imbedded blanks, but leading and trailing blanks are truncated.

The pass phrase initialization utility can initialize a new system or initialize PCICCs, PCIXCCs, CEX2Cs, or CEX3Cs that are brought online after system initialization. You cannot use this utility to change master keys. To change master keys you need to use either the master key entry panels or the TKE workstation.

Restriction: If you are running on a system with the Cryptographic Coprocessor Feature, special secure mode must be enabled.

If you plan on sharing your CKDS within your sysplex, refer to Running in a Sysplex Environment for important information. If you have a z9 EC, z9 BC, z10 EC, z10 BC, or z196 installed, there is an important restriction to consider.

Starting with release HCR7780, there are two formats of the CKDS: a fixed-length record (supported by all releases of ICSF) and a new, variable-length record (supported by HCR7780 and later releases). The pass phrase initialization utility can be used with either format of CKDS.