Set Master Key (SETMSTKEY)
Where allowed to run: All environments (*ALL) Threadsafe: Yes |
Parameters Examples Error messages |
The Set Master Key (SETMSTKEY) command sets the specified master key from the parts already added. Master key parts can be added with the Add Master Key Part (ADDMSTPART) CL command, the Qc3LoadMasterKeyPart API, or Manage Master Keys panel in System i Navigator. Upon successful completion of this command, any keys encrypted under this master key should be retranslated. In order to save the master keys, a Save System (SAVSYS) command must be run.
For more information on master keys, refer to the Cryptographic services key management section of the Security category in the IBM Systems Information Center at http://www.ibm.com/systems/infocenter/.
Restrictions:
- You must have all object (*ALLOBJ) and security administrator (*SECADM) special authorities to run this command.
Top |
Parameters
Keyword | Description | Choices | Notes |
---|---|---|---|
MSTKEY | Master key | 1-8, *ASP, *SAVRST | Required, Positional 1 |
Top |
Master key (MSTKEY)
Specifies the master key on which to perform the action.
This is a required parameter.
The action will be performed on:
- *ASP
- The master key used for encrypting data stored on auxiliary storage pool (ASP) disk storage.
- *SAVRST
- The master key used for encrypting all the other master keys on a SAVSYS operation.
- 1-8
- One of the eight general purpose master keys.
Top |
Examples
SETMSTKEY MSTKEY(3)
This command first moves the current version of Master Key 3 into the old version, and then moves the new version (consisting of all parts added for Master Key 3 since the last Set Master Key) into the current version.
Top |
Error messages
*ESCAPE Messages
- CPF222E
- &1 special authority is required.
- CPF3CF2
- Error(s) occurred during running of &1 API.
- CPF9872
- Program or service program &1 in library &2 ended. Reason code &3.
- CPF9D88
- An error occurred during exit program post-processing.
- CPF9D89
- An error occurred during exit program pre-processing.
- CPF9D90
- Master Key &1 was not set due to an exit program cancel.
- CPF9D94
- A pending value exists for a master key.
- CPF9DB0
- No key parts have been loaded.
- CPF9DDA
- Unexpected return code &1 from cryptographic service provider &2.
Top |