z/OS Cryptographic Services ICSF Administrator's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Asymmetric master keys and the PKDS

z/OS Cryptographic Services ICSF Administrator's Guide
SA22-7521-17

The step-by-step procedure for changing the RSA-MK or ECC-MK is documented in this topic.

Notes:
  1. Prior to reenciphering a PKDS, consider temporarily disallowing dynamic PKDS update services. For more information, refer to Steps for enabling and disabling PKA callable services and PKDS updates.
  2. The procedure for changing the RSA-MK depends on the cryptographic coprocessors online on your system. When your system has CEX3C coprocessors that are online and have the RSA-MK loaded, the steps involving the PKA callable services control should be ignored. The control will not be active.
  3. When the PKDS is shared by multiple images in a sysplex environment, the asymmetric key master keys must also be changed on all the sharing systems. See Running in a Sysplex Environment.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014