Redirect type-specific key storage verbs to the CMB key storage verbs

Starting with CCA release 8.1, you can store and manage all key types (DES, AES, and PKA) in the CMB key storage (combined key storage). You may migrate all the DES, AES, and PKA keys from their type-specific key storage into the CMB key storage and automatically redirect all type-specific key-storage management actions to the CMB key storage.

You can perform the migration of keys from their type-specific storage to the combined key storage using the panel.exe utility. See Using panel.exe to migrate keys to CMB key storage for more details.

Once the keys are migrated into the CMB key storage, two options are available for future key management operations. The first option is to switch to using the CMB verbs to manage keys by changing existing applications to apply the new CMB-specific verbs. The second option is to set the associated redirect environment variables to Y or y, which enables continued use of the type-specific key storage verbs. By setting one or more of the environment variables, the type-specific key storage verbs are redirected internally to the CMB verbs. The following environment variables control the redirect operations:

  • export DES_USE_CMB_KS=Y

    Redirects DES key-store specific verbs (for example, CSNBKRR or CSNBKRW) to the CMB verbs.

  • export AES_USE_CMB_KS=y

    Redirects AES key-store specific verbs (for example, CSNBAKRC or CSNBAKRD) to the CMB verbs.

  • export PKA_USE_CMB_KS=Y

    Redirects PKA key-store specific verbs (for example, CSNDKRL or CSNDKRR) to the CMB verbs.

Note: The redirect environment variables must be set prior to the CCA library initialization. That is, they must be set before the start of an application or program, not within the application or program. Otherwise CCA does not notice the redirect change, and continues to use the type-specific key-store verbs.