Sharing master keys across cryptographic coprocessors

If you share master keys on different redundant cryptographic coprocessors, you can provide for high availability of your encrypted data.

In case of a required CCA or EP11 master key change, you must set the same master key on all used cryptographic coprocessors. In this case, generate the master key or the master key parts on one or more smart cards and use these smart cards as the source for loading the key on all cryptographic coprocessors.

For information on how to set a master key, refer to How to set an AES master key in the IBM Knowledge Center.