AES Key Record List (CSNBAKRL)
The AES Key Record List verb creates a key-record-list file containing information about specified key records in key storage.
Information listed includes the type of the key, the date and time each record was created and last updated, and whether the record validation is correct.
Specify the key records to be listed using the key-label variable. To identify multiple key records, use the wild card (*) in the key label.
- To list all the labels in key storage, specify the key_label parameter with *, *.*, *.*.*, and so forth, up to a maximum of seven name tokens (*.*.*.*.*.*.*).
- AES key records are stored in the external key-storage file defined by the CSUAESDS environment variable.
This verb creates the AES key-record-list file and returns the name of the file and the length of the file name to the calling application. This file has a header record, followed by 0 - n detail records, where n is the number of key records with matching key-labels. For information about the header and detail records, see Key-record-list datasets and records.
The AES key-record-list file path is defined by the environment variable CSUAESLD. The default value is set to /opt/IBM/CCA/keys/aeslist directory (assuming the directory name was not changed after installation). These list files are created under the ownership of the environment of the user that requests the list service. Make sure the files created kept the same group ID as your installation requires. This can also be achieved by setting the 'set-group-id-on-execution' bit on in this directory. See the g+s flags in the chmod command for full details. Not doing this might cause errors to be returned on key-record-list verbs.
This verb does not need to document any Required commands, Restrictions, nor Usage notes.