Set Master Key (SETMSTKEY)

The Set Master Key (SETMSTKEY) command sets the specified master key from the parts already added. Master key parts can be added with the Add Master Key Part (ADDMSTPART) CL command, the Qc3LoadMasterKeyPart API, or Manage Master Keys panel in System i Navigator. Upon successful completion of this command, any keys encrypted under this master key should be retranslated. In order to save the master keys, a Save System (SAVSYS) command must be run.

For more information on master keys, refer to the Cryptographic services key management section of the Security category in the IBM Systems Information Center at http://www.ibm.com/systems/infocenter/.

Restrictions:

• You must have all object (*ALLOBJ) and security administrator (*SECADM) special authorities to run this command.

Parameters

Master key (MSTKEY)

Specifies the master key on which to perform the action.

This is a required parameter.

The action will be performed on:

*ASP

The master key used for encrypting data stored on auxiliary storage pool (ASP) disk storage.

*SAVRST

The master key used for encrypting all the other master keys on a SAVSYS operation.

1-8

One of the eight general purpose master keys.

Examples

SETMSTKEY   MSTKEY(3)

This command first moves the current version of Master Key 3 into the old version, and then moves the new version (consisting of all parts added for Master Key 3 since the last Set Master Key) into the current version.

Error messages

*ESCAPE Messages

CPF222E

&1 special authority is required.

CPF3CF2

Error(s) occurred during running of &1 API.

CPF9872

Program or service program &1 in library &2 ended. Reason code &3.

CPF9D88

An error occurred during exit program post-processing.

CPF9D89

An error occurred during exit program pre-processing.

CPF9D90

Master Key &1 was not set due to an exit program cancel.

CPF9D94

A pending value exists for a master key.

CPF9DB0

No key parts have been loaded.

CPF9DDA

Unexpected return code &1 from cryptographic service provider &2.