Key Token Change2 (CSNBKTC2)
Use the Key Token Change2 verb to re-encipher a variable-length HMAC or AES key from encryption under the old master-key to encryption under the current master-key and to update the keys in internal HMAC or AES key tokens.
Note:
- An application system is responsible for keeping all of its keys in a usable form. When the master key is changed, the CEX*C implementations can use an internal key that is enciphered by either the current or the old master-key. Before the master key is changed a second time, it is important to have a key re-enciphered under the current master-key for continued use of the key. Use the Key Token Change2 verb to re-encipher such a keys.
- Previous implementations of IBM® CCA products had additional capabilities with this verb such as deleting key records and key tokens in key storage. Also, use of a wild card (*) was supported in those implementations.
This verb does not need to document any Usage notes.