Create Device Desc (Crypto) (CRTDEVCRP)

Where allowed to run: All environments (*ALL)
Threadsafe: No

The Create Device Description (Crypto) (CRTDEVCRP) command creates a device description for a cryptographic device.

Restriction: You must have input/output system configuration (*IOSYSCFG) special authority to use this command.


Parameters

Keyword     Description                       Choices                                          Notes
DEVD        Device description                Name                                             Required, Key, Positional 1
RSRCNAME    Resource name                     Name, *NONE                                      Required, Key, Positional 2
APPTYPE     Application type                  *CCA, *CCAUDX, *NONE                             Optional
ONLINE      Online at IPL                     *NO, *YES                                        Optional
MSGQ        Message queue                     Single values: *SYSVAL, *SYSOPR                  Optional
                                              Other values: Qualified object name
            Qualifier 1: Message queue        Name
            Qualifier 2: Library              Name, *LIBL, *CURLIB
PKAKEYFILE  PKA key store file                Single values: *NONE                             Optional
                                              Other values: Qualified object name
            Qualifier 1: PKA key store file   Name
            Qualifier 2: Library              Name, *LIBL, *CURLIB
DESKEYFILE  DES key store file                Single values: *NONE                             Optional
                                              Other values: Qualified object name
            Qualifier 1: DES key store file   Name
            Qualifier 2: Library              Name, *LIBL, *CURLIB
TEXT        Text 'description'                Character value, *BLANK                          Optional
AUT         Authority                         Name, *CHANGE, *ALL, *USE, *EXCLUDE, *LIBCRTAUT  Optional

Device description (DEVD)

Specifies the name of the device description.


Resource name (RSRCNAME)

Specifies the resource name that identifies the hardware that the description represents.

*NONE

No resource name is specified. A resource name must be provided before the device can be varied on.

resource-name

Specify the name that identifies the crypto device hardware on the system.

Note: Use the Work with Hardware Resources (WRKHDWRSC) command with TYPE(*CRP) specified to determine the resource name.


Application type (APPTYPE)

Specifies the application that runs inside of the secure computing environment on the cryptographic device.

*CCA

The flash memory in the cryptographic device is initialized with the Common Cryptographic Architecture (CCA) application.

Note: This value is valid only for 4758, 4764 and 4765 device types.

*CCAUDX

The flash memory in the cryptographic device is initialized only if the system does not detect the CCA application or a CCA User Defined Extension (UDX) application within the flash memory of the device.

Note: This value is valid only for 4758, 4764 and 4765 device types.

*NONE

The cryptographic device does not support flash memory applications.

Note: This value is valid only for 2058 device type.


Online at IPL (ONLINE)

Specifies whether this object is automatically varied on at initial program load (IPL).

*NO

This device is not varied on automatically at IPL.

*YES

This device is varied on automatically at IPL.


Message queue (MSGQ)

Specifies the message queue to which operational messages for this device are sent.

The possible qualified names are:

*SYSVAL

The messages are sent to the message queue specified by the system value QCFGMSGQ.

*SYSOPR

Messages are sent to the system operator message queue (QSYS/QSYSOPR).

message-queue-name

Specify the name of the message queue to which operational messages are sent.

*LIBL

All libraries in the job's library list are searched until the first match is found.

*CURLIB

The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.

library-name

Specify the name of the library to be searched.


PKA key store file (PKAKEYFILE)

Specifies the name of the database file containing the PKA (Public Key Algorithm) keys.

Single values

*NONE

No default PKA key database is used.

Other values

PKA-key-store-file-name

Specifies the name of the default PKA key database.

The possible library values are:

*LIBL
All libraries in the library list for the current thread are searched until the first match is found.
*CURLIB
The current library for the thread is searched. If no library is specified as the current library for the thread, the QGPL library is searched.
library-name
Specify the library where the object is located.

DES key store file (DESKEYFILE)

Specifies the name of the database file containing the DES (Data Encryption Standard) keys used for this device.

Single values

*NONE

No default DES key database is used.

Other values

DES-key-store-file-name

Specifies the name of the default DES key database.

The possible library values are:

*LIBL
All libraries in the library list for the current thread are searched until the first match is found.
*CURLIB
The current library for the thread is searched. If no library is specified as the current library for the thread, the QGPL library is searched.
library-name
Specify the library where the object is located.

Text 'description' (TEXT)

Specifies the text that briefly describes the object.

*BLANK
No text is specified.
character-value
Specify no more than 50 characters of text, enclosed in apostrophes.

Authority (AUT)

Specifies the authority you are giving to users who do not have specific authority for the object, who are not on an authorization list, and whose group profile or supplemental group profiles do not have specific authority for the object.

*CHANGE
The user can perform all operations on the object except those limited to the owner or controlled by object existence (*OBJEXIST) and object management (*OBJMGT) authorities. The user can change and perform basic functions on the object. *CHANGE authority provides object operational (*OBJOPR) authority and all data authority. If the object is an authorization list, the user cannot add, change, or remove users.
*ALL
The user can perform all operations except those limited to the owner or controlled by authorization list management (*AUTLMGT) authority. The user can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. The user also can change ownership of the object.
*USE
The user can perform basic operations on the object, such as running a program or reading a file. The user cannot change the object. Use (*USE) authority provides object operational (*OBJOPR), read (*READ), and execute (*EXECUTE) authorities.
*EXCLUDE
The user cannot access the object.
*LIBCRTAUT
The system determines the authority for the object by using the value specified for the Create authority (CRTAUT) parameter on the Create Library (CRTLIB) command for the library containing the object to be created. If the value specified for the CRTAUT parameter is changed, the new value will not affect any existing objects.
name
Specify the name of an authorization list to be used for authority to the object. Users included in the authorization list are granted authority to the object as specified in the list. The authorization list must exist when the object is created.

Examples

CRTDEVCRP   DEVD(CRP01)  RSRCNAME(CRP01)

This command creates a device description for a cryptographic device that is named CRP01. The device type is determined from the resource name.
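
The following CL program is an added example, not part of the original command reference. It creates the device description with the optional parameters set so that public authority is *EXCLUDE, default key store files are attached, CPF261A is handled, and one profile is granted access explicitly. KEYLIB, PKAKEYS, DESKEYS and CRPADMIN are hypothetical names, and APPTYPE(*CCA) assumes a 4758, 4764 or 4765 device.

```cl
/* Added example. KEYLIB, PKAKEYS, DESKEYS and CRPADMIN are          */
/* hypothetical names; CRP01 is the resource name used on this page. */
/* The caller needs *IOSYSCFG special authority for CRTDEVCRP.       */
PGM

    /* Stop early if the intended key store files are missing, so    */
    /* the device description never points at a nonexistent object.  */
    CHKOBJ     OBJ(KEYLIB/PKAKEYS) OBJTYPE(*FILE)
    MONMSG     MSGID(CPF9801) EXEC(DO)
        SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) +
                     MSGDTA('PKA key store file KEYLIB/PKAKEYS not found') +
                     MSGTYPE(*ESCAPE)
    ENDDO
    CHKOBJ     OBJ(KEYLIB/DESKEYS) OBJTYPE(*FILE)
    MONMSG     MSGID(CPF9801) EXEC(DO)
        SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) +
                     MSGDTA('DES key store file KEYLIB/DESKEYS not found') +
                     MSGTYPE(*ESCAPE)
    ENDDO

    /* Library-qualified key store names avoid a *LIBL search.       */
    /* AUT(*EXCLUDE) gives users without specific authority no       */
    /* access to the device description.                             */
    CRTDEVCRP  DEVD(CRP01) RSRCNAME(CRP01) APPTYPE(*CCA) +
                 ONLINE(*YES) MSGQ(*SYSOPR) +
                 PKAKEYFILE(KEYLIB/PKAKEYS) +
                 DESKEYFILE(KEYLIB/DESKEYS) +
                 TEXT('Cryptographic coprocessor, CCA') +
                 AUT(*EXCLUDE)
    MONMSG     MSGID(CPF261A) EXEC(DO)
        /* CPF261A: device description not created due to errors.    */
        SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) +
                     MSGDTA('CRTDEVCRP failed for CRP01, see job log') +
                     MSGTYPE(*ESCAPE)
    ENDDO

    /* Grant one named profile *USE authority instead of widening    */
    /* public authority.                                             */
    GRTOBJAUT  OBJ(CRP01) OBJTYPE(*DEVD) USER(CRPADMIN) AUT(*USE)

    /* ONLINE(*YES) only takes effect at the next IPL; vary on now.  */
    VRYCFG     CFGOBJ(CRP01) CFGTYPE(*DEV) STATUS(*ON)

ENDPGM
```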


Error messages

*ESCAPE Messages

CPF261A
Device description &1 not created due to errors.