z/OS Cryptographic Services ICSF Administrator's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Reusing or Reassigning a Domain

z/OS Cryptographic Services ICSF Administrator's Guide
SA22-7521-17

In the course of business, you may find it necessary to reuse or reassign a domain that is currently active. If this is the case, there are several steps to perform. It is a good security practice to zeroize the domain secrets, which includes retained keys and master keys.

Run the retained key delete service in the domain to remove them.

You can zeroize the master key with the TKE workstation or with TSO panels. For information on the TKE process, see z/OS Cryptographic Services ICSF TKE Workstation User’s Guide.

If you are using the TSO panels, follow the procedure in Steps for changing master keys or Steps for changing master keys for your DES, SYM-MK, ASYM-MK and PKA master keys. Your key type should equal DES or SYM-MK and the key value should be all zeros.

Figure 237. The Clear Master Key Entry Panel - CCF and PCICC 
 CSFDKE10 -------------- ICSF - Clear Master Key Entry ---------
 COMMAND ===> 

              CCF DES/PCICC SYM-MK new master key register     : EMPTY
              CCF Signature/PCICC ASYM-MK master key register  : FULL 
              CCF Key management master key register           : FULL


  Specify information below
    Key Type  ===> DES      (DES, SMK, KMMK, ALL-PKA)

    Part      ===> FIRST        (RESET, FIRST, MIDDLE, FINAL)

 
    Checksum  ===> 00

    Key Value ===> 0000000000000000
              ===> 0000000000000000
              ===> 0000000000000000   (SMK, KMMK and ALL-PKA only)
Figure 238. The Clear Master Key Entry Panel - PCIXCC, CEX2C, and CEX3C 
CSFDKE50------------- ICSF - Clear Master Key Entry -----------------
COMMAND ===> 

              Symmetric-keys new master key register     : EMPTY
              Asymmetric-keys new master key register    : FULL 
             
  Specify information below
    Key Type  ===> SYM-MK           (SYM-MK, ASYM-MK)

    Part      ===>  FIRST           (RESET, FIRST, MIDDLE, FINAL)

    Checksum  ===> 00

    Key Value ===> 0000000000000000
              ===> 0000000000000000
              ===> 0000000000000000   (ASYM-MK only)



  Press ENTER to process.
  Press END   to exit to the previous menu.

 

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014