This selection allows the user to load an RSA key to a host data
set as an external key token. From this data set it is possible to
install the key in the PKDS by means of TSO/E ICSF panels.
The host data set must be defined in advance. If a workstation
DES EXPORTER key was used to protect the RSA key at the time the RSA
key was generated or enciphered, the host data set must have the following
attributes:
- recfm fixed, lrecl=1500, partitioned
If a workstation AES EXPORTER key was used to protect the RSA
key at the time the key was generated, the host data set must have
the following attributes:
- recfm fixed, lrecl=3000, partitioned
Using this installation method, it is possible to load RSA keys
into any PKDS in any LPAR. For information about the TSO/E ICSF interface,
Installing RSA keys in the PKDS from a data set.
The steps are the same as for loading an RSA key to PKDS (see Load RSA Key to PKDS), except that the user has to specify the full
data set and member name. If you don't specify the data set and member
name in quotes, the high level qualifier for the data set is the TSO/E
logon of the administrator/host user ID.
Figure 1. Load RSA Key to Dataset