z/OS Cryptographic Services ICSF Administrator's Guide


Changes made in z/OS Version 1 Release 13

z/OS Cryptographic Services ICSF Administrator's Guide
SA22-7521-17

This document contains information previously presented in z/OS ICSF Administrator's Guide, SA22-7521-15, which supports z/OS Version 1 Release 12.

This document is for ICSF FMID HCR7790. This release of ICSF runs on z/OS V1R11, z/OS V1R12, and z/OS V1R13, and only on zSeries hardware.

New information
  • Added support for AES CIPHER keys, AES EXPORTER and AES IMPORTER keys. These are variable-length AES keys up to 725 bytes in length, and require a CEX3C and the Sep. 2011 or later licensed internal code (LIC). To store these keys in the CKDS, the CKDS must first have been converted to the variable-length record format. ICSF provides a CKDS conversion program, CSFCNV2, that converts a fixed-length record format CKDS to a variable-length record format. For more information on this utility, refer to z/OS Cryptographic Services ICSF System Programmer’s Guide.
  • Added support for dynamic change of the RSA master key on z196 systems with CEX3C coprocessors and the Sep. 2011 licensed internal code (LIC). Refer to Changes concerning the RSA master key (RSA-MK).
  • Added new panels to simplify CKDS administration. The coordinated CKDS administration panels simplify the process for changing the CKDS master keys and performing CKDS refreshes. Tasks that had once been distinct and spread over multiple panels and manual steps are combined into a single panel. In a sysplex environment, these new panels enable you to drive a CKDS change master key operation or a CKDS refresh operation from a single instance of ICSF across all sysplex members sharing the same active CKDS. For more information, refer to Symmetric Master Keys and the CKDS and Changing symmetric master keys and refreshing the CKDS when the CKDS is shared in a sysplex environment.
  • A new message, CSFC0316, is generated for a CKDS reencipher failure. The message specifies the CKDS entry being processed at the time of the failure.
  • New health checks for informing the user of potential ICSF problems have been added. See Using ICSF Health Checks for more information.

Changed information
  • New profiles have been added to the CSFSERV general resource class to cover the resources associated with new callable services. Refer to Setting up profiles in the CSFSERV general resource class.
  • References to the IBM eServer zSeries 800 (z800) do not appear in this information. Be aware that the documented notes and restrictions for the IBM eServer zSeries 900 (z900) also apply to the z800.





Copyright IBM Corporation 1990, 2014