Archiving and recalling a record in a key data set

Key administrators can mark a record as archived. ICSF generates an audit record when the record is archived and whenever an archived record is referenced by an application. The administrator can specify whether the request to reference an archived record will succeed or fail. A key is referenced when it is used to perform a cryptographic operation, or when it is read such that the retrieved token may have been used in a cryptographic operation.
Note: Only the KDSR format of the key data sets supports archiving records. Your existing data sets can be converted to the KDSR format using the Coordinated KDS Administration callable service described in z/OS Cryptographic Services ICSF Application Programmer's Guide. If you do not need metadata support for all of your key data sets, you can convert only those data sets that need metadata support.

To archive a record, the record archive flag must be enabled using the Key Data Set Metadata Write service. An SMF type 82 record is generated. The archived record remains in the key data set. The record can be deleted by the Key Record Delete services. The key material and metadata are deleted when the record is deleted.

To recall an archived record, the record archive flag must be disabled using the Key Data Set Metadata Write service. An SMF type 82 record is generated.

If an application attempts to use an archived record, an SMF type 82 record is generated. The XFACILIT resource CSF.KDS.KEY.ARCHIVE.USE control (see Key Store Policy) determines whether the service request succeeds or fails. If the key archive use control is enabled, the request is allowed to succeed and the return code reflects the processing of the service. If the key archive use control is disabled, the request fails with a return code of 8 and a reason code indicating a record was archived.

In addition to the key archive use control, the key archive message control (KEYARCHMSG keyword in the options data set) causes a joblog message to be issued the first time an archived record is successfully used by an application.