Changing key properties

To change a property of a key, use the zkey change command.

About this task

Properties that you change with the zkey change command are updated in EKMF Web.

Some properties depend on the system, such as the AP queues. These are not stored in EKMF Web.

Other properties represent the same physical entity, but need different names on different systems. For example, the same physical volume can be mounted to two Linux instances under different names. The same key can be imported on another Linux instance, to another zkey repository, under a different name.

For details about the zkey change command, see the zkey command reference in Pervasive Encryption for Data Volumes, SC34-2782, or the man page.

Procedure

  1. Optional: List the key properties.
    For example, assuming the key generated before:
    # zkey list
    Key                          : emkf-dasdb1
    -------------------------------------------------------------------------------------
            Description          : XTS key for DASD B1
            Secure key size      : 272 bytes
            Clear key size       : 512 bits
            XTS type key         : Yes
            Key type             : CCA-AESCIPHER
            Volumes              : /dev/dasdb1:enc_disk
            APQNs                : 08.002f
                                   09.002f
            Key file name        : /etc/zkey/repository/emkf-dasdb1.skey
            Sector size          : (system default)
            Volume type          : LUKS2
            Verification pattern : 709bc1e20e34f940362761141e094c65
                                   d15bc6cc177d88e7c704577df96d1484
            KMS                  : EKMFWeb
            KMS key label        : ZKEY.XTS1.00002
                                   ZKEY.XTS2.00002
            Created              : 2021-03-17 17:31:14
            Changed              : (never)
            Re-enciphered        : (never)
    
    You can change the description, the volume, the volume type, and the sector size. You cannot change the name with the change command. For how to rename a key, see Renaming a key.
  2. Specify the zkey change command and the name of the key, followed by the property you want to change.
    For example, to change the key description:
    # zkey change -N emkf-dasdb1 -d "XTS key for some other DASD"

Results

The key now has the new description in the zkey repository as well as on EKMF Web:
# zkey list
Key                          : emkf-dasdb1
-------------------------------------------------------------------------------------
        Description          : XTS key for some other DASD

                ...
        Created              : 2021-03-17 17:31:14 
        Changed              : 2021-03-18 12:08:10
        Re-enciphered        : (never)
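
A check for the result above, as an added example that is not part of the original documentation: the shell functions parse `zkey list` output, including multi-line values such as APQNs, and confirm that the description matches and that the Changed field is no longer (never). The function names are hypothetical, and the sample listing is constructed from the property lines shown on this page.

```shell
#!/bin/sh
# Added example (not IBM's code). Function names are hypothetical.
# zkey_prop KEY PROPERTY: read `zkey list` output on stdin, print PROPERTY's value(s) for KEY.
zkey_prop() {
    awk -v key="$1" -v prop="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^-+[ \t]*$/ { next }                  # separator line under the key name
        {
            sep = index($0, " : ")             # first " : " splits name from value
            if (sep == 0) {
                # no name/value pair: blank line, or continuation of a multi-line value
                v = trim($0)
                if (v == "") { name = "" } else if (cur == key && name == prop) { print v }
                next
            }
            name = trim(substr($0, 1, sep - 1))
            value = trim(substr($0, sep + 3))
            if (name == "Key") { cur = value; next }   # start of a new key entry
            if (cur == key && name == prop) print value
        }'
}

# zkey_change_applied KEY EXPECTED_DESCRIPTION: succeeds if the listing on stdin
# shows the expected description and a Changed timestamp other than "(never)".
zkey_change_applied() {
    out=$(cat)
    desc=$(printf '%s\n' "$out" | zkey_prop "$1" "Description")
    changed=$(printf '%s\n' "$out" | zkey_prop "$1" "Changed")
    [ "$desc" = "$2" ] && [ -n "$changed" ] && [ "$changed" != "(never)" ]
}

# Constructed sample: property lines taken from the listings on this page.
sample_listing() {
    cat <<'EOF'
Key                          : emkf-dasdb1
-------------------------------------------------------------------------------------
        Description          : XTS key for some other DASD
        Volumes              : /dev/dasdb1:enc_disk
        APQNs                : 08.002f
                               09.002f
        KMS                  : EKMFWeb
        Created              : 2021-03-17 17:31:14
        Changed              : 2021-03-18 12:08:10
        Re-enciphered        : (never)
EOF
}

# On a real system, pipe the live listing instead: zkey list | zkey_change_applied ...
sample_listing | zkey_change_applied emkf-dasdb1 "XTS key for some other DASD" \
    && echo "change recorded in the zkey repository listing"
```

This inspects only the local `zkey list` output; it does not query EKMF Web.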