Managing key storage

The CNM utility provides basic key storage management functions. These utility functions do not form a comprehensive key management system.

Application programs are better suited to perform repetitive key management tasks.

Key storage is a repository of keys that you access by key labels that you or your applications define. Data Encryption Standard (DES) keys, Public Key Algorithm (PKA) Rivest-Shamir-Adleman (RSA) keys, and Advanced Encryption Standard (AES) keys are held in separate storage systems. Also, the key storage has limited internal storage for PKA keys. The coprocessor-stored keys are not considered part of key storage in this discussion.

Notes:
  1. If your server has multiple cryptographic coprocessors that are loaded with CCA, those coprocessors must have identical master keys installed for key storage to work properly.
  2. The CNM utility displays a maximum of 1,000 key labels. If you have more than 1,000 key labels in key storage, use an application program to manage them.