CKDS

There are four formats of the CKDS:

Large common record format (KDSRL) that is common to all key data sets.
Common record format (KDSR) that is common to all key data sets.
Variable-length record format.
Fixed-length record format.

Both common record formats for the CKDS support all symmetric key tokens and provides support for metadata for each record including tracking usage of the records. See Migrating to the common record format (KDSR) key data set for more information.

The variable length record format is only required if variable-length key tokens are to be stored in the CKDS. All fixed-length and variable-length symmetric key tokens can be stored in the variable-length record format CKDS. See Migrating the CKDS to support variable-length symmetric key tokens for more information.

In addition to supporting all symmetric key tokens, the KDSR format CKDS provides support for metadata for each record including tracking usage of the records. See Migrating to the common record format (KDSR) key data set for more information.

When new key types are added to the CKDS, the following consideration applies when sharing the CKDS:

When clear DES or AES keys are added to the CKDS, RACF-protect all clear DES and AES keys by label name on all systems sharing the CKDS.

If you have no coprocessor, you can initialize the CKDS for use with clear AES and DES data keys. This CKDS cannot be used on a system with cryptographic coprocessors.