Adding a new key record
You can add a new key record into a keystore file. You can either have the system generate a random key value for you, or you can supply a key value. The supplied key value can be specified in the clear or encrypted.
You can add a new key record to a keystore using the New Key Record wizard from the IBM Navigator for i interface. You can either have the key automatically generated or you can specify the key value. If the specified key value is encrypted, the wizard prompts you for the location of the key for use in decrypting the key value.
To add a key record using the New Key Record wizard, follow these steps:
- Select Security from your IBM Navigator for i window.
- Select Cryptographic Services Key Management.
- Select Manage Cryptographic Keystore Files.
- Right-click the Keystore to which you want to add the key record, select OpenKeyStore to display the keystore contents.
- Click the New Key Record button.
- Follow the steps in the New Key Record wizard.
You can also use the Add Keystore File Entry (ADDCKMKSFE) CL command to add a key record with the specified clear key value or key pair. Or you can use the Generate Keystore File Entry (GENCKMKSFE) CL command to generate a random key or key pair for a key record.
Or, if you prefer to write your own application, you can use the Generate Key Record (QC3GENKR; Qc3GenKeyRecord) or Write Key Record (QC3WRTKR; Qc3WriteKeyRecord) APIs.