Setting the Master Key

After the master keys have been cleared, reenter the same master keys by following these steps:
  1. Load the new P11 master key using the TKE workstation or your new RCS master key using your RCS vendor utility.
  2. Commit the new P11 master key using the TKE workstation or your new RCS master key using your RCS vendor utility.
  3. To activate the P11, RCS, or both P11 and RCS master keys you just entered, you need to set it. On the ICSF Primary Menu panel, select option 2, KDS MANAGEMENT.
    Figure 1. Selecting KDS MANAGEMENT on the ICSF primary menu panel
    HCR77C0 ------------- Integrated Cryptographic Service Facility ---------

OPTION ===>

Enter the number of the desired option.

   1  COPROCESSOR MGMT    -  Management of Cryptographic Coprocessors
   2  KDS MANAGEMENT      -  Master key set or change, KDS processing
   3  OPSTAT              -  Installation options
   4  ADMINCNTL           -  Administrative Control Functions
   5  UTILITY             -  ICSF Utilities
   6  PPINIT              -  Pass Phrase Master Key/KDS Initialization
   7  TKE                 -  TKE PKA Direct Key Load
   8  KGUP                -  Key Generator Utility processes
   9  UDX MGMT            -  Management of User Defined Extensions
  4. The Key Data Set Management panel appears. To set the P11, RCS, or both P11 and RCS master keys, select option 4, SET MK.
    Figure 2. Selecting SET MK on the Key Data Set Management panel
     CSFMKM10 ---------------- ICSF – Key Data Set Management ----------------
 OPTION ===> 
 
 Enter the number of the desired option.                                       
                                                                              
   1  CKDS MK MANAGEMENT - Perform Cryptographic Key Data Set (CKDS)
                           functions including master key management    
   2  PKDS MK MANAGEMENT - Perform Public Key Data Set (PKDS) 
                           functions including master key management   
   3  TKDS MK MANAGEMENT - Perform PKCS #11 Token Data Set (TKDS) 
                           functions including master key management     
   4  SET MK             - Set master key

    After you select option 4, ICSF checks that the states of the registers are correct. ICSF then transfers the P11, RCS, or both P11 and RCS master keys from the new master key register to the current master key register. This process sets the master key. When ICSF attempts to set the master key, it displays a message on the top right of the Key Data Set Management panel. The message indicates either that the master key was successfully set or that an error prevented the completion of the set process.

You can now change the P11, RCS, or both master key or keys, if you choose to, for security reasons. Continue with Changing the Master Key.