All ECC and RSA public and private keys and trusted blocks may be stored in the PKA key data set (PKDS).
You can use the PKA Key Generate callable service to update a skeleton token in the PKDS with a generated private key token.
You can program applications to use the PKDS key record create service to create new entries in the PKDS and the PKDS key record write service to enter key tokens into the PKDS.
RSA and ECC private keys can be imported from the TKE workstation and stored in the PKDS. For more information, see z/OS Cryptographic Services ICSF TKE Workstation User's Guide.
The Enterprise Key Management Foundation (EKMF) provides online key management to ICSF as well as to IBM cryptographic products on other platforms. EKMF offers centralized key management for CCA symmetric and asymmetric keys and for certificates. EKMF automates the key management process and exchanges and replaces keys and certificates on demand. Also, to assure continuous operation, EKMF maintains backup copies of all critical keys.
For additional information, contact the Crypto Competence Center at ccc@dk.ibm.com or at: https://www-304.ibm.com/jct05001c/dk/security/cccc/.