PKA Key Record List (CSNDKRL)

The PKA Key Record List verb creates a key-record-list file containing information about specified key records in PKA key-storage.

Information listed includes the type of the key, the date and time each record was created and last updated, and whether the record validation is correct.

Specify the key records to be listed using the key_label parameter. To identify multiple key records, use the wild card (*) in a key label.

Note: To list all the labels in key storage, specify the key_label parameter with *, *.*, *.*.*, and so forth, up to a maximum of seven name tokens (*.*.*.*.*.*.*).

This verb creates the PKA key-record-list file and returns the name of the file and the length of the file name to the calling application. This verb also returns the name of the security server where the file is stored. The PKA Key Record List file has a header record, followed by 0 - n detail records, where n is the number of key records with matching key labels. For information about the header and detail records, see Key-record-list datasets and records.

The PKA key-record-list file path is defined by the environment variable CSUPKALD. The default value is the /opt/IBM/CCA/keys/pkalist directory (assuming the directory name was not changed during installation). These list files are created under the ownership of the environment of the user that requests the list verb. Make sure that the files created keep the group ID that your installation requires. This can also be achieved by setting the set-group-id-on-execution bit on this directory. See the g+s flags in the chmod command for full details. Not doing this might cause errors to be returned on key-record-list verbs.
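The following script is an added example, not IBM code. It audits a key-record-list directory for the set-group-ID configuration described above. The function name check_pkalist_dir and its return codes are hypothetical, and it assumes that the directory's own group is the group your installation requires.

```shell
#!/bin/sh
# Added example (not IBM code): audit a PKA key-record-list directory.
# Assumption: the directory's own group is the group your installation requires.
# Usage: sh check_pkalist.sh "${CSUPKALD:-/opt/IBM/CCA/keys/pkalist}"

# Returns 0 = OK, 1 = setgid bit missing, 2 = list files with another group,
# 3 = directory not found.
check_pkalist_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir"
        return 3
    fi
    # test -g is true when the set-group-ID bit is set on the path.
    if [ ! -g "$dir" ]; then
        echo "setgid bit not set on $dir (see chmod g+s)"
        return 1
    fi
    # Numeric group ID of the directory (4th field of ls -n output).
    dir_gid=$(ls -ldn -- "$dir" | awk '{print $4}')
    # Existing list files that do not carry the directory's group.
    stray=$(find "$dir" -type f ! -group "$dir_gid" -print)
    if [ -n "$stray" ]; then
        echo "files not owned by group $dir_gid:"
        echo "$stray"
        return 2
    fi
    echo "ok: $dir is setgid, all list files carry group $dir_gid"
    return 0
}

# Audit the directory given on the command line, if any.
[ "$#" -eq 0 ] || check_pkalist_dir "$1"
```

List files written before the bit was set keep their original group, so a return code of 2 means those files still need their group corrected.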

PKA key records are stored in the external key-storage file defined by the CSUPKADS environment variable.

For information concerning the location of the key-record-list directory, refer to the IBM 4769 PCIe Cryptographic Coprocessor Installation Manual.

This verb has no Restrictions, Required commands, or Usage notes to document.