Using panel.exe to migrate keys to CMB key storage
Use the panel.exe utility to migrate existing AES, DES, and PKA keys from their type-specific key-stores into the combined key storage (CMB). After migration, you can perform future operations on those keys either by using the CMB verbs or by configuring the environment to use the redirect feature, which, when activated, redirects type-specific key-store verb calls to the CMB key storage verbs.
To migrate all the keys in a designated type-specific key storage file into the combined key storage (CMB), use one or more of the following commands:
Example:
# /opt/IBM/CCA/bin/panel.exe --ks-migrate --ks-type=DES
# /opt/IBM/CCA/bin/panel.exe --ks-migrate --ks-type=AES
# /opt/IBM/CCA/bin/panel.exe --ks-migrate --ks-type=PKA
Migrating keys from the AES key storage, for example, produces output similar to the following:
>>>> Migrate from [AES] key storage:
Disk Storage file [CSUAESDS = /opt/IBM/CCA/keys/aes.key]
>>>> To the [CMB] key storage:
Disk Storage file [CSUCMBDS = /opt/IBM/CCA/keys/cmb.key]
>> Key Storage list output file:
[ /opt/IBM/CCA/keys/aeslist/kyrlt001.lst ]
>> has [13] records:
key [0] GOOD, (AES.KL16.0TOF) - Attempting to migrate
key [0] MIGRATED [AES] KEY (AES.KL16.0TOF) into Combined Key Storage
key [1] GOOD, (AES.KL34.DATA.INT.KGN) - Attempting to migrate
key [1] MIGRATED [AES] KEY (AES.KL34.DATA.INT.KGN) into Combined Key Storage
key [2] GOOD, (AES.KL24.CLR.DATA.INT) - Attempting to migrate
key [2] MIGRATED [AES] KEY (AES.KL24.CLR.DATA.INT) into Combined Key Storage
key [3] GOOD, (AES.KL24.0TOF) - Attempting to migrate
key [3] MIGRATED [AES] KEY (AES.KL24.0TOF) into Combined Key Storage
...
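One way to check a captured migration run, as an added example that is not part of the IBM documentation or the CCA tooling: the function below reads the output format shown above and reports every key label that was attempted but has no matching MIGRATED line. The function name audit_migration, the sample labels, and the rule that the declared record count should equal the number of MIGRATED lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit captured "panel.exe --ks-migrate" output.
# Assumption: only the two per-key line formats shown in the sample output
# are known, so a key counts as migrated only if its MIGRATED line appears.

# Reads migration output on stdin. Prints "UNCONFIRMED <label>" for each key
# that was attempted but never confirmed, and a COUNT line when the declared
# record total differs from the confirmed total. Returns 1 on any finding.
audit_migration() {
    awk '
        BEGIN { m = 0; n = 0; bad = 0; have = 0 }
        function label(line) {          # text inside the first (...)
            sub(/^[^(]*\(/, "", line); sub(/\).*$/, "", line); return line
        }
        /has \[[0-9]+\] records/ {      # ">> has [13] records:"
            s = $0; sub(/^.*has \[/, "", s); sub(/\].*$/, "", s)
            declared = s + 0; have = 1
        }
        /^ *key \[[0-9]+\] GOOD, \(/ { order[++n] = label($0) }
        /^ *key \[[0-9]+\] MIGRATED \[/ { done[label($0)] = 1; m++ }
        END {
            for (i = 1; i <= n; i++)
                if (!(order[i] in done)) { print "UNCONFIRMED " order[i]; bad = 1 }
            if (have && declared != m) {
                print "COUNT declared=" declared " migrated=" m; bad = 1
            }
            exit bad
        }
    '
}

# Constructed sample in the format shown above; key [2] has no MIGRATED line.
SAMPLE='>> has [3] records:
key [0] GOOD, (AES.TEST.A) - Attempting to migrate
key [0] MIGRATED [AES] KEY (AES.TEST.A) into Combined Key Storage
key [1] GOOD, (AES.TEST.B) - Attempting to migrate
key [1] MIGRATED [AES] KEY (AES.TEST.B) into Combined Key Storage
key [2] GOOD, (AES.TEST.C) - Attempting to migrate'

# Live use: /opt/IBM/CCA/bin/panel.exe --ks-migrate --ks-type=AES | audit_migration
printf '%s\n' "$SAMPLE" | audit_migration || echo "migration not fully confirmed"
```

Run it once per key type and keep the captured output with the change record, so that any key reported as UNCONFIRMED can be checked before applications are switched to the CMB verbs or the redirect feature.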
Once the keys are migrated into the CMB key storage, two options are available for future key management operations. The first option is to switch to using the CMB verbs to manage keys by changing existing applications to apply the new CMB-specific verbs. The second option is to set the associated redirect environment variables to Y or y, which enables continued use of the type-specific key storage verbs. By setting one or more of the environment variables, the type-specific key storage verbs are redirected internally to the CMB verbs. For more information, read Redirect type-specific key storage verbs to the CMB key storage verbs.