You can use the Master Key Entry panels to enter master key parts in the clear. The way you obtain master key parts depends on the security guidelines in your enterprise. You may receive master key parts from a key distribution center or you may generate your own key parts using the ICSF random number utility.

When you enter the PKA master keys and the asymmetric-keys master key (ASYM-MK) the first time, the PKA callable services are initially disabled. Once you have entered the PKA master keys and the ASYM-MK, you must enable the PKA callable services for these services to work. When you change the PKA master keys and the ASYM-MK, you need to disable the PKA callable services. To enable and disable the PKA callable services refer to Steps for enabling and disabling PKA services.

To enter master key parts that you do not generate using the random number utility, continue with Steps for entering the first master key part.

To begin master key entry by generating random numbers for the key parts, continue with Generating master key data for master key entry.