|
The pass phrase initialization utility can be used to initialize PCIXCCs,
CEX2Cs, or CEX3Cs after system initialization. The procedure
is to rerun the Pass Phrase Initialization Utility.
The step-by-step procedure is:
- Run the Pass Phrase Initialization Utility.
Access the primary
menu panel.
Figure 25. Selecting the Pass Phrase Initialization Option on the ICSF Primary Menu Panel
CSF@PRIM ------------- Integrated Cryptographic Service Facility ---------
OPTION ===> 6
Enter the number of the desired option.
1 COPROCESSOR MGMT - Management of Cryptographic Coprocessors
2 MASTER KEY - Master key set or change, CKDS/PKDS processing
3 OPSTAT - Installation options
4 ADMINCNTL - Administrative Control Functions
5 UTILITY - ICSF Utilities
6 PPINIT - Pass Phrase Master Key/KDS Initialization
7 TKE - TKE Master and Operational key processing
8 KGUP - Key Generator Utility processes
9 UDX MGMT - Management of User Defined Extensions
Licensed Materials - Property of IBM
5694-A01 (C) Copyright IBM Corp. 1990, 2011. All rights reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Press ENTER to go to the selected option.
Press END to exit to the previous menu.
- Select option 6, PPINIT, and press ENTER to begin the pass phrase
initialization utility.
The Pass Phrase MK/CKDS/PKDS Initialization
panel appears. See Figure 26.
Notes:
- Panel CSFPMC30 appears if you are running on a z9, z10, or z196 server
with the Nov. 2008 or later licensed internal code (LIC).
- Panel CSFPMC40 appears if you are running on a z196 server
with the Sept. 2010 or later LIC.
Figure 26. ICSF Pass Phrase MK/CKDS/PKDS Initialization Panel
CSFPMC10 ------- ICSF - Pass Phrase MK/CKDS/PKDS Initialization ---
Command ===>
Enter your pass phrase (16 to 64 characters)
===>
Select one of the initialization actions then press ENTER to process.
_ Initialize system - Load the DES and asymmetric master keys to all
coprocesors and initialize the CKDS and the PKDS.
CKDS ===>
PKDS ===>
_ Reinitialize system - Load the DES and asymmetric master keys to all
coprocesors and make the specified CKDS and the PKDS the current key data
sets.
CKDS ===>
PKDS ===>
_ Add coprocessors - Initialize additional online coprocessors with the
same DES and asymmetric master keys.
Press ENTER to process.
Press END to exit to the previous menu.
- Type the pass phrase and the data set name in the spaces that
are provided. Refer to the example in Figure 27.
The
CKDS and PKDS names must be the current, active CKDS and PKDS.
Note:
The same pass phrase will always produce the same master
key values. Because you are reentering master keys, you must use the
same pass phrase as when you originally entered the keys. You should
have saved the pass phrase in a secure place when you entered the
master keys previously.
- Select the 'Add coprocessors' action.
Figure 27. Entering Options on the Pass Phrase MK/CKDS/PKDS Initialization Panel
CSFPMC10 ------- ICSF - Pass Phrase MK/CKDS/PKDS Initialization ---
Command ===>
Enter your pass phrase (16 to 64 characters)
===>
Select one of the initialization actions then press ENTER to process.
_ Initialize system - Load the DES and asymmetric master keys to all
coprocesors and initialize the CKDS and the PKDS.
CKDS ===>
PKDS ===>
_ Reinitialize system - Load the DES and asymmetric master keys to all
coprocesors and make the specified CKDS and the PKDS the current key data
sets.
CKDS ===>
PKDS ===>
s Add coprocessors - Initialize additional online coprocessors with the
same DES and asymmetric master keys.
Press ENTER to process.
Press END to exit to the previous menu.
- Press ENTER to run the utility.
For details of these calculations,
refer to Pass Phrase Initialization master key calculations.
Messages on the bottom half
of the panel display the progress of the utility.
- When the utility has completed successfully, press END to return
to the primary menu.
|
z/OS Cryptographic Services ICSF Administrator's Guide
Copyright IBM Corporation 1990, 2014