Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
The Public Key Data Set (PKDS) z/OS Cryptographic Services ICSF System Programmer's Guide SA22-7520-17 |
|
RSA, ECC, and DSS public and private keys can be stored in a VSAM data set that is called the public key data set (PKDS). ICSF maintains the PKDS as an external data set. ICSF provides a sample PKDS allocation job (member CSFPKDS) in SYS1.SAMPLIB. ICSF maintains two copies of the PKDS: a disk copy and an in-storage copy. You can store public key tokens or both external and internal private key tokens. Applications can use the dynamic PKDS update callable services to create, write, read, and delete PKDS records. The PKDS must be initialized using the ICSF Master Key Management panels. Support to reencipher and refresh the PKDS is available by using the Master Key Management Panels or the CSFPUTIL utility to reencipher the PKDS and to refresh the reenciphered PKDS. CSFPUTIL is a utility that performs the same reencipher and refresh functions available using the Master Key Management panels. Other systems with lower levels of ICSF which are sharing the PKDS would disable the dynamic PKDS access control, change the appropriate master key(s), refresh the reenciphered PKDS and enable the dynamic PKDS access control. For information on managing and sharing the PKDS in a sysplex environment, see z/OS Cryptographic Services ICSF Administrator’s Guide. Notes:
|
Copyright IBM Corporation 1990, 2014
|