Managing cryptographic keystore files

You can create keystore files, and add, generate, delete, import, export, and retrieve attributes for key records.

A keystore is a set of database files that are used for storing cryptographic keys. Any type of key that is supported by cryptographic services can be stored in a keystore file. Some examples of the types of keys supported by cryptographic services are AES, RC2, RSA, and MD5-HMAC. You can create as many keystore files as you want, and add as many key records as you want to a keystore file. Because each keystore file is a separate system object, you can authorize a different set of users to each file. You can also save and restore each keystore file at different times; how often you do so depends on how often key records are added to the keystore file and how often the master key for the keystore file is changed.

You can manage keystore files from the System i® Navigator or the IBM® Navigator for i interfaces, or use the Cryptographic Services APIs or control language (CL) commands.

Note: You should use Secure Sockets Layer (SSL) to reduce the risk of exposing key values while performing key management functions.