z/OS Cryptographic Services ICSF Administrator's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Steps for restarting the key entry process

z/OS Cryptographic Services ICSF Administrator's Guide
SA22-7521-17

If you realize that you made an error when entering a key part, you can restart the process of entering the new master key. For example, if the verification pattern or the hash pattern that was calculated does not match the one that you calculated, you may want to restart the process. Restarting the key entry process clears the new master key register, which erases all the new master key parts you entered previously.

Note:
If you are working on a CCF, when you enter the first key part, your old master key is lost, even if you restart the process.

To restart the key entry process, follow these steps:

  1. On the Master Key Entry panel, enter the master key type in the Key Type field.

    In this example, we are resetting a new DES master key.

  2. Enter RESET in the Part field.
    Figure 47. Selecting Reset on the Master Key Entry Panel 
     CSFDKE10 -------------- ICSF - Master Key Entry ---------
 COMMAND ===> 

              CCF DES/PCICC SYM-MK new master key register     : PART FULL
              CCF Signature/PCICC ASYM-MK master key register  : EMPTY 
              CCF Key management master key register           : EMPTY


  Specify information below
    Key Type  ===>  DES              (DES, SMK, KMMK, ALL-PKA)

    Part      ===>  RESET_           (RESET, FIRST, MIDDLE, FINAL)

    Checksum  ===>  00

    Key Value ===> 0000000000000000
              ===> 0000000000000000
              ===> 0000000000000000   (SMK, KMMK and ALL-PKA only)
  3. Press ENTER.

    The Restart Key Entry Process panel appears. See Figure 48. This panel confirms your request to restart the key entry process.

    Figure 48. Confirm Restart Request Panel 
     CSFDKE40 -------------- ICSF - Restart Key Entry Process -------------
 COMMAND ===>

 ARE YOU SURE YOU WISH TO RESTART THE KEY ENTRY PROCESS?


   Restarting the process will clear the DES master key register.


   WARNING: Resetting the KMMK or SMK will invalidate any private
            internal key tokens in the PKDS. 


 Press ENTER to confirm restart request
 Press END   to cancel restart request
    Note:
    If you are restarting the key entry process for one or all of the PKA master keys, the panel message will differ. ICSF substitutes either 'KMMK register', 'SMK register' or 'ALL-PKA register' for ' the DES master key register' phrase in the panel message.
  4. If you want to restart the key entry process, press ENTER.

    The restart request automatically empties the master key register.

  5. If you do not want to restart, press END.

    When you make a choice, you return to the Master Key Entry panel. If you selected to continue with the restart process, the new master key register status field is reset to EMPTY, as shown in Figure 49. This indicates that the register has been cleared.

    Figure 49. The Master Key Entry Panel Following Reset Request 
     CSFDKE10 -------------- ICSF - Master Key Entry ---------
 COMMAND ===> 

              CCF DES/PCICC SYM-MK new master key register     : EMPTY
              CCF Signature/PCICC ASYM-MK master key register  : EMPTY 
              CCF Key management master key register           : EMPTY


  Specify information below
    Key Type  ===> ___          (DES, SMK, KMMK, ALL-PKA)

    Part      ===> ________     (RESET, FIRST, MIDDLE, FINAL)

 
    Checksum  ===> 00

    Key Value ===> 0000000000000000
              ===> 0000000000000000
              ===> 0000000000000000   (SMK, KMMK and ALL-PKA only)
  6. Either begin the key entry process again or press END to return to the ICSF primary menu panel.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014