RDEFINE CSFSERV profile-name UACC(NONE)
other-optional-operands
Where profile-name is the profile used to protect the resource. Table 1 lists the resources used by ICSF and PKDS #11 callable services. Table 2 shows the resource names used by ICSF TSO panels, utilities, and compatibility services for PCF macros.
To determine which services are used by PKCS #11 services, see 'Controlling access to tokens' in Chapter 1 of z/OS Cryptographic Services ICSF Writing PKCS #11 Applications. Users must be SAF authorized to the CSFSERV profile for these service for PKCS #11 services to execute.
Resource name | Callable service names | Callable service description |
---|---|---|
CSFAPG | CSNBAPG |
Authentication Parameter Generate |
CSFCKC | CSNBCKC |
CVV Key Combine |
CSFCKI | CSNBCKI |
Clear Key Import |
CSFCKM | CSNBCKM |
Multiple Clear Key Import |
CSFCPA | CSNBCPA |
Clear PIN Generate Alternate |
CSFCPE | CSNBCPE |
Clear PIN Encrypt |
CSFCRC | CSFCRC |
Coordinated KDS Administration |
CSFCSG | CSNBCSG |
VISA CVV Service Generate |
CSFCSV | CSNBCSV |
VISA CVV Service Verify |
CSFCTT2 | CSNBCTT2 |
Ciphertext Translate2 |
CSFCTT3 | CSNBCTT3 |
Ciphertext Translate2 (with ALET) |
CSFCVE | CSNBCVE |
Cryptographic Variable Encipher |
CSFCVT | CSNBCVT |
Control Vector Translate |
CSFDCO | CSNBDCO |
Decode |
CSFDEC | CSNBDEC |
Decipher |
CSFDEC1 | CSNBDEC1 |
Decipher (with ALET) |
CSFDKG | CSNBDKG |
Diversified Key Generate |
CSFDKG2 | CSNBDKG2 |
Diversified Key Generate2 |
CSFDKM | CSNBDKM |
Data Key Import |
CSFDKX | CSNBDKX |
Data Key Export |
CSFDMP | CSNBDMP |
DK Migrate PIN |
CSFDPC | CSNBDPC |
DK PIN Change |
CSFDPCG | CSNBDPCG |
DK PRW CMAC Generate |
CSFDDPG | CSNBDDPG |
DK Deterministic PIN Generate |
CSFDPMT | CSNBDPMT |
DK PAN Modify in Transaction |
CSFDPNU | CSNBDPNU |
DK PRW Card Number Update |
CSFDPT | CSNBDPT |
DK PAN Translate |
CSFDRP | CSNBDRP |
DK Regenerate PRW |
CSFDPV | CSNBDPV |
DK PIN Verify |
CSFDRPG | CSNBDRPG |
DK Random PIN Generate |
CSFDSG | CSNDDSG |
Digital Signature Generate |
CSFDSV | CSNDDSV |
Digital Signature Verify |
CSFECO | CSNBECO |
Encode |
CSFEDH | CSNDEDH |
ECC Diffie-Hellman |
CSFENC | CSNBENC |
Encipher |
CSFENC1 | CSNBENC1 |
Encipher (with ALET) |
CSFEPG | CSNBEPG |
Encrypted PIN Generate |
CSFFPED | CSNBFPED |
FPE Decipher |
CSFFPEE | CSNBFPEE |
FPE Encipher |
CSFFPET | CSNBFPET |
FPE Translate |
CSFHMG | CSNBHMG |
HMAC Generate |
CSFHMG1 | CSNBHMG1 |
HMAC Generate (with ALET) |
CSFHMV | CSNBHMV |
HMAC Verify |
CSFHMV1 | CSNBHMV1 |
HMAC Verify (with ALET) |
CSFIQA | CSFIQA |
ICSF Query Algorithm |
CSFIQF | CSFIQF |
ICSF Query Facility |
CSFKDSL | CSFKDSL |
Key Data Set List |
CSFKDMR | CSFKDMR |
Key Data Set Metadata Read |
CSFKDMW | CSFKDMW |
Key Data Set Metadata Write |
CSFKEX | CSNBKEX |
Key Export |
CSFKGN | CSNBKGN |
Key Generate |
CSFKGN2 | CSNBKGN2 |
Key Generate2 |
CSFKIM | CSNBKIM |
Key Import |
CSFKPI | CSNBKPI |
Key Part Import |
CSFKPI2 | CSNBKPI2 |
Key Part Import2 |
CSFKRC | CSNBKRC |
Key Record Create |
CSFKRC2 | CSNBKRC2 |
Key Record Create2 |
CSFKRD | CSNBKRD |
Key Record Delete |
CSFKRR | CSNBKRR |
Key Record Read |
CSFKRR2 | CSNBKRR2 |
Key Record Read2 |
CSFKRW | CSNBKRW |
Key Record Write |
CSFKRW2 | CSNBKRW2 |
Key Record Write2 |
CSFKTR | CSNBKTR |
Key Translate |
CSFKTR2 | CSNBKTR2 |
Key Translate2 |
CSFKYT | CSNBKYT |
Key Test |
CSFKYT2 | CSNBKYT2 |
Key Test2 |
CSFKYTX | CSNBKYTX |
Key Test Extended |
CSFMDG | CSNBMDG |
MDC Generate |
CSFMDG1 | CSNBMDG1 |
MDC Generate (with ALET) |
CSFMGN | CSNBMGN |
MAC Generate |
CSFMGN1 | CSNBMGN1 |
MAC Generate (with ALET) |
CSFMGN2 | CSNBMGN2 |
MAC Generate2 |
CSFMGN3 | CSNBMGN3 |
MAC Generate2 (with ALET) |
CSFMPS | CSFMPS |
ICSF Multi-Purpose Service |
CSFMVR | CSNBMVR |
MAC Verify |
CSFMVR1 | CSNBMVR1 |
MAC Verify (with ALET) |
CSFMVR2 | CSNBMVR2 |
MAC Verify2 |
CSFMVR3 | CSNBMVR3 |
MAC Verify2 (with ALET) |
CSFOWH1 | CSNBOWH |
One-Way Hash Generate and PKCS #11 One-way hash, sign, or verify |
CSFOWH1 1 | CSNBOWH1 |
One-Way Hash Generate (with ALET) |
CSFPCI | CSFPCI |
PCI Interface Callable Service |
CSFPCU | CSNBPCU |
PIN Change/Unblock |
CSFPEX | CSNBPEX |
Prohibit Export |
CSFPEXX | CSNBPEXX |
Prohibit Export Extended |
CSFPFO | CSNBPFO |
Recover PIN From Offset |
CSFPGN | CSNBPGN |
Clear PIN Generate |
CSFPKD | CSNDPKD |
PKA Decrypt |
CSFPKE | CSNDPKE |
PKA Encrypt |
CSFPKG | CSNDPKG |
PKA Key Generate |
CSFPKI | CSNDPKI |
PKA Key Import |
CSFPKRC | CSNDKRC |
PKDS Record Create |
CSFPKRD | CSNDKRD |
PKDS Record Delete |
CSFPKRR | CSNDKRR |
PKDS Record Read |
CSFPKRW | CSNDKRW |
PKDS Record Write |
CSFPKT | CSNDPKT |
PKA Key Translate |
CSFPKTC | CSNDKTC |
PKA Key Token Change |
CSFPKX | CSNDPKX |
PKA Public Key Extract |
CSFPTR | CSNBPTR |
Encrypted PIN Translate |
CSFPVR | CSNBPVR |
Encrypted PIN Verify |
CSFRKA | CSNBRKA |
Restrict Key Attribute |
CSFRKD | CSNDRKD |
Retained Key Delete |
CSFRKL | CSNDRKL |
Retained Key List |
CSFRKX | CSNDRKX |
Remote Key Export |
CSFRNG2 | CSNBRNG |
Random Number Generate (returning an 8-byte random number) and PKCS #11 Pseudo-random function |
CSFRNGL2 | CSNBRNGL |
Random Number Generate (returning a random number of a length specified by the caller) |
CSFSAD | CSNBSAD |
Symmetric Algorithm Decipher |
CSFSAD1 | CSNBSAD1 |
Symmetric Algorithm Decipher (with ALET) |
CSFSAE | CSNBSAE |
Symmetric Algorithm Encipher |
CSFSAE1 | CSNBSAE1 |
Symmetric Algorithm Encipher (with ALET) |
CSFSBC | CSNDSBC |
SET Block Compose |
CSFSBD | CSNDSBD |
SET Block Decompose |
CSFSKI | CSNBSKI |
Secure Key Import |
CSFSKI2 | CSNBSKI2 |
Secure Key Import2 |
CSFSKM | CSNBSKM |
Multiple Secure Key Import |
CSFSKY | CSNBSKY |
Secure Messaging for Keys |
CSFSPN | CSNBSPN |
Secure Messaging for PINs |
CSFSXD | CSNDSXD |
Symmetric Key Export with Data |
CSFSYG | CSNDSYG |
Symmetric Key Generate |
CSFSYI | CSNDSYI |
Symmetric Key Import |
CSFSYI2 | CSNDSYI2 |
Symmetric Key Import2 |
CSFSYX | CSNDSYX |
Symmetric Key Export |
CSFTBC | CSNDTBC |
Trusted Block Create |
CSFTRV | CSNBTRV |
Transaction Validation |
CSFT31I | CSNBT31I |
TR-31 Import |
CSFT31X | CSNBT31X |
TR-31 Export |
CSFUKD | CSNBUKD |
Unique Key Derive |
CSF1DVK | CSFPDVK |
PKCS #11 Derive key |
CSF1DMK | CSFPDMK |
PKCS #11 Derive multiple keys |
CSF1HMG | CSFPHMG |
PKCS #11 Generate HMAC |
CSF1GKP | CSFPGKP |
PKCS #11 Generate key pair |
CSF1GSK | CSFPGSK |
PKCS #11 Generate secret key |
CSF1GAV | CSFPGAV |
PKCS #11 Get attribute value |
CSF1PKS | CSFPPKS |
PKCS #11 Private key sign |
CSF1PKV | CSFPPKV |
PKCS #11 Public key verify |
CSF1SKD | CSFPSKD |
PKCS #11 Secret key decrypt |
CSF1SKE | CSFPSKE |
PKCS #11 Secret key encrypt |
CSF1SAV | CSFPSAV |
PKCS #11 Set attribute value |
CSF1TRC | CSFPTRC |
PKCS #11 Token record create |
CSF1TRD | CSFPTRD |
PKCS #11 Token record delete |
CSF1TRL | CSFPTRL |
PKCS #11 Token record list |
CSF1UWK | CSFPUWK |
PKCS #11 Unwrap key |
CSF1HMV | CSFPHMV |
PKCS #11 Verify HMAC |
CSF1WPK | CSFPWPK |
PKCS #11 Wrap key |
1 If the CSF.CSFSERV.AUTH.CSFOWH.DISABLE resource is defined within the XFACILIT class, the SAF authorization check is disabled for this resource. Disabling the SAF check may improve the performance of your applications.
2 If the CSF.CSFSERV.AUTH.CSFRNG.DISABLE resource is defined within the XFACILIT class, the SAF authorization check is disabled for this resource. Disabling the SAF check may improve the performance of your application.
Resource Name | Utility and Callable Service Description |
---|---|
CSFCMK | Change master key utility |
CSFCONV | PCF CKDS to ICSF CKDS conversion utility |
CSFCRC | Coordinated KDS Administration |
CSFDKCS | Master key entry utility |
CSFEDC | Compatibility service for the PCF CIPHER macro |
CSFEMK | Compatibility service for the PCF EMK macro |
CSFGKC | Compatibility service for the PCF GENKEY macro |
CSFKGUP | Key generation utility program |
CSFOPKL | Operational key load |
CSFPCAD | Cryptographic processors management (activate/deactivate) |
CSFPKDR | PKDS reencipher and PKDS refresh utilities |
CSFPMCI | Pass phrase master key/KDS initialization utility |
CSFREFR | Refresh CKDS or PKDS utility |
CSFRENC | Reencipher CKDS or PKDS utility |
CSFRSWS | Administrative control functions utility (ENABLE) |
CSFRWP | CKDS Conversion2 - rewrap option. |
CSFRTC | Compatibility service for the CUSP or PCF RETKEY macro |
CSFSMK | Set master key utility |
CSFSSWS | Administrative control functions utility (DISABLE) |
CSFUDM | User Defined Extensions (UDX) management functions |
RDEFINE CSFSERV CSFCTT2 UACC(NONE)
RDEFINE CSFSERV CSFCTT3 UACC(NONE)
RDEFINE CSFSERV * UACC(NONE)
PERMIT profile-name CLASS(CSFSERV) ID(groupid) ACCESS(READ)
SETROPTS CLASSACT(CSFSERV)
SETROPTS RACLIST(CSFSERV) REFRESH