Managing key records

You can create a new key record by generating or importing a key into it. You can also export a key out of a key record, extract a public key from a key record, view a key record's attributes, and delete a key record.

You can store any type of key that is supported by cryptographic services in a keystore file. You can add as many key records as you want to a keystore file and manage them from the IBM Navigator for i interface, or you can use the Cryptographic Services APIs and control language (CL) commands.

Each record in a keystore file holds a key or a key pair. Besides the encrypted key value, the record contains the key type (for example, TDES, AES, RSA), the key size, the Key Verification Value (KVV) of the master key at the time the key value was encrypted, and a label. All fields in the keystore record are stored as CCSID 65535 except for the record label. When the record label is assigned, it is converted from the job CCSID or the job default CCSID to Unicode UTF-16 (CCSID 1200).
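
The record fields listed above, modeled in an added Python example (not IBM code and not the on-disk record layout). It shows that a label entered under different job CCSIDs resolves to one UTF-16 label, and that the stored KVV identifies records encrypted under a master key other than the current one. The field names, the KVV byte strings, and the use of Python's `cp037` and `cp500` codecs for job CCSIDs 37 and 500 are assumptions.

```python
from dataclasses import dataclass

# Assumption: Python's cp037/cp500 codecs stand in for job CCSIDs 37 and 500.
JOB_CCSID_CODECS = {37: "cp037", 500: "cp500"}

def label_to_utf16(raw: bytes, job_ccsid: int) -> bytes:
    """Convert label bytes from the job CCSID to UTF-16 (CCSID 1200)."""
    return raw.decode(JOB_CCSID_CODECS[job_ccsid]).encode("utf-16-be")

@dataclass(frozen=True)
class KeyRecord:                 # hypothetical model, not the on-disk layout
    label_utf16: bytes           # the only field not stored as CCSID 65535
    key_type: str                # for example TDES, AES, RSA
    key_size: int
    master_key_kvv: bytes        # KVV of the master key when the key was encrypted

def find_record(records, raw_label: bytes, job_ccsid: int):
    """Look a record up by label the way a job in the given CCSID would name it."""
    wanted = label_to_utf16(raw_label, job_ccsid)
    return next((r for r in records if r.label_utf16 == wanted), None)

def encrypted_under_other_master_key(records, current_kvv: bytes):
    """Labels of records whose stored KVV differs from the current master key's KVV."""
    return [r.label_utf16.decode("utf-16-be")
            for r in records if r.master_key_kvv != current_kvv]

# Constructed sample data: KVVs are made-up byte strings, not real verification values.
OLD_KVV, CURRENT_KVV = bytes.fromhex("1111aaaa"), bytes.fromhex("2222bbbb")
RECORDS = [
    KeyRecord(label_to_utf16("PAY[01]".encode("cp037"), 37), "AES", 256, CURRENT_KVV),
    KeyRecord(label_to_utf16("HR.SIGN".encode("cp500"), 500), "RSA", 2048, OLD_KVV),
]

if __name__ == "__main__":
    in_37, in_500 = "PAY[01]".encode("cp037"), "PAY[01]".encode("cp500")
    print(in_37.hex(), in_500.hex())                    # raw label bytes differ per CCSID
    print(find_record(RECORDS, in_500, 500).key_type)   # same record from a CCSID 500 job
    print(find_record(RECORDS, in_37, 500))             # wrong CCSID assumed: no match
    print(encrypted_under_other_master_key(RECORDS, CURRENT_KVV))
```
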