Translate Keystore File (TRNCKMKSF)
| Where allowed to run: All environments (*ALL) Threadsafe: Yes |
Parameters Examples Error messages |
The Translate Keystore File (TRNCKMKSF) command translates key values stored in the specified keystore files to another master key, or if the same master key is specified, to the current version of the master key. If an error occurs, processing halts immediately.
For more information on keystore files, refer to the Cryptographic services key management section of the Security category in the IBM Systems Information Center at http://www.ibm.com/systems/infocenter/.
Restrictions:
- You must have object operational (*OBJOPR), read (*READ) and update (*UPD) authority to the keystore file.
| Top |
Parameters
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| KEYSTORE | Keystore file | Values (up to 10 repetitions): Qualified object name | Required, Positional 1 |
| Qualifier 1: Keystore file | Name | ||
| Qualifier 2: Library | Name, *LIBL, *CURLIB | ||
| MSTKEY | Master key | 1-8, *SAME | Optional |
| Top |
Keystore file (KEYSTORE)
Specifies the keystore files to use. Up to 10 keystore files can be specified.
This is a required parameter.
Qualifier 1: Keystore file
- name
- Specify the name of the keystore file.
Qualifier 2: Library
- *LIBL
- All libraries in the library list for the current thread are searched until the first match is found.
- *CURLIB
- The current library for the thread is searched. If no library is specified as the current library for the thread, the QGPL library is searched.
- name
- Specify the name of the library to search for the file.
| Top |
Master key (MSTKEY)
Specifies the id of the master key under which the key values will be translated.
This is a required parameter.
- *SAME
- The keystore key values that are encrypted under the old version of the file's master key will be translated to the current version.
- 1-8
- The keystore key values will be translated to the current version of the chosen master key.
| Top |
Examples
Example 1: Translate Keystore Keys to the Current Version of the Master Key
TRNCKMKSF KEYSTORE(MYLIB/KEYSTORE1 MYLIB/KEYSTORE2)
This command re-encrypts all keys in keystore files KEYSTORE1 and KEYSTORE2 in library MYLIB that are encrypted under the old version of the master key to encryption under the current version.
Example 2: Translate Keystore Keys to Another Master Key
TRNCKMKSF KEYSTORE(MYLIB/MYKEYSTORE) MSTKEY(8)
This command re-encrypts all keys in a keystore file under the current version of Master Key 8.
| Top |
Error messages
*ESCAPE Messages
- CPF3CF2
- Error(s) occurred during running of &1 API.
- CPF9872
- Program or service program &1 in library &2 ended. Reason code &3.
- CPF9D88
- An error occurred during exit program post-processing.
- CPF9D89
- An error occurred during exit program pre-processing.
- CPF9D8E
- Keystore &1 in library &2 was not translated due to exit program cancel.
- CPF9D96
- Key store file requires recovery.
- CPF9D9F
- User not authorized to key store file.
- CPF9DA0
- Error opening key store file.
- CPF9DA5
- Key store file not found.
- CPF9DA6
- Key store file is not available.
- CPF9DA7
- File is corrupt or not a valid key store file.
- CPF9DAB
- One or more keys could not be decrypted.
- CPF9DAF
- Version &2 of master key &1 is not set.
- CPF9DB3
- Qualified keystore file name is not valid.
- CPF9DB7
- Error occured writing to the key store file.
- CPF9DB8
- Error occured reading record from key store.
- CPF9DDA
- Unexpected return code &1 from cryptographic service provider &2.
| Top |