This topic describes how to manage master keys for the Enterprise PKCS #11 (EP11) coprocessors. For Enterprise PKCS #11, a master key is used to protect all secure PKCS #11 keys that are active on your system. This master key is known as the P11 master key or P11-MK.
Because master key protection is essential to the security of the other keys, ICSF stores the master keys within the secure hardware of the cryptographic coprocessor. This nonvolatile key storage area is unaffected by system power outages, because it has a battery backup. The values of the master keys never appear in the clear outside the cryptographic coprocessor.