Trusted Key Entry support

The Trusted Key Entry workstation (TKE) provides a secure method of initializing and administering cryptographic coprocessors.

It is an optional IBM z Systems® feature, but it is mandatory if z/OS® and CCA are not available on your system. Initialization of the coprocessor can be done through CCA for both the z/OS and Linux® environments, either with or without TKE. Also, you can use the TKE workstation to load DES master keys, PKA master keys, and operational keys in a secure way.

For information on which TKE version is required for managing which cryptographic coprocessor, read topic Hardware requirements.

You can load keys remotely and for multiple coprocessors, which can be in a single machine or in multiple machines. The TKE workstation eases the administration for using one coprocessor as a production machine and as a test machine at the same time, while maintaining security and reliability.

The TKE workstation can be used for enabling and disabling access control points for verbs executed on the cryptographic coprocessor. See Access control points and verbs for additional information.

For complete details about the TKE workstation, see z/OS Cryptographic Services.