PKDS

You can use the dynamic PKDS update services, the PKDS Key Management panels, the TKE workstation, or Enterprise Key Management Foundation (EKMF) to generate and enter keys into the PKDS or to maintain keys that already exist in the PKDS. The keys are stored in records. A record exists for each key that is stored in the PKDS.

A record in the PKDS is called a key entry and has a label associated with it. When you call some ICSF callable services, you specify a key label as a parameter to identify the key for the callable service to use.

Use the dynamic PKDS update services in applications to create entries, change the key value of an entry, and delete entries in the PKDS.

You can use SAF to control which applications can use specific keys and services. For more information, see System authorization facility (SAF) controls.

One or more resource profiles in the XFACILIT class define your Key Store Policy. A Key Store Policy consists of a number of controls that collectively determine how encrypted key tokens defined in the PKDS can be accessed and used.