The Linux on IBM Z approach

Because the CCA key storage design point for the Linux™ platform host release has always been CMK-focused, this design point was taken forward for the Linux on IBM® Z approach.

At this time, CCA host key storage does not support nor ship with an additional utility to manage the 'store-in-pending' approach to re-enciphering key tokens. This additional utility is necessary to work with use of the RTNMK keyword for Key Token Change (CSNBKTC) and PKA Key Token Change (CSNDKTC). Therefore, it is suggested that users wanting to make use of CCA host key storage management follow the 'RTCMK-focused' approach described in Key storage for traditional IBM systems other than IBM Z (RTCMK-focused: Linux, AIX, Windows).

However it is also desirable to provide as much host-support equivalence with the z/OS® approach as possible, given that the underlying system is running on an IBM Z® platform and likely to collaborate with z/OS software. Therefore, the RTNMK keyword is provided for Key Token Change (CSNBKTC) and PKA Key Token Change (CSNDKTC) to allow users who have their own utility or key storage management facility to manage key tokens using the method most familiar from z/OS: