z/OS Cryptographic Services ICSF Administrator's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Initializing the CKDS and PKDS at First-Time Startup

z/OS Cryptographic Services ICSF Administrator's Guide
SA22-7521-17

If running in a sysplex, see Running in a Sysplex Environment.

If you are running on a IBM eServer zSeries 990, IBM eServer zSeries 890, z9 EC, z9 BC, z10 EC, z10 BC, or z196 and wish to share your CKDS and PKDS with a CCF system on an IBM eServer zSeries 900, you should initialize the CKDS and PKDS on the IBM eServer zSeries 900.

The first time you start ICSF, you must:

  • Create a cryptographic key data set (CKDS)
  • Create a PKA key data set (PKDS)
  • Enter a new DES-MK into each PCIXCC, CEX2C, or CEX3C (optional)
  • Enter a new RSA-MK into each PCIXCC, CEX2C, or CEX3C (optional)
  • Enter a new AES-MK into each CEX2C, or CEX3C (optional)
  • Enter a new ECC-MK into each CEX3C (optional)
  • Initialize the CKDS
  • Initialize the PKDS

When you initialize the CKDS, ICSF creates a header record for the CKDS and sets any DES or AES master keys in the new master key registers. When you initialize the PKDS, ICSF creates a header record for the PKDS and sets any ECC or RSA master keys in the new master key registers.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014