Use the CKDS key record read callable service to copy an internal AES or DES key token from the in-storage CKDS to application storage. Other cryptographic services can then use the copied key token directly. The key token can also be used as input to the token copying functions of key generate, key import, or secure key import services to create additional NOCV keys.

The callable service name for AMODE(64) invocation is CSNEKRR.