The pass phrase initialization utility can be used to initialize PCI Cryptographic Coprocessors after system initialization. The procedure is to re-run the Pass Phrase Initialization Utility.

The step-by-step procedure is:

1. Run the Pass Phrase Initialization Utility.

   Access the primary menu panel.

   Figure 22. Selecting the Pass Phrase Initialization Option on the ICSF Primary Menu Panel

    CSF@PRIM ------------- Integrated Cryptographic Service Facility ---------
    OPTION ===> 6
   
    Enter the number of the desired option.
   
      1  COPROCESSOR MGMT    -  Management of Cryptographic Coprocessors
      2  MASTER KEY MGMT     -  Master key set or change, CKDS/PKDS processing
      3  OPSTAT              -  Installation options
      4  ADMINCNTL           -  Administrative Control Functions
      5  UTILITY             -  ICSF Utilities
      6  PPINIT              -  Pass Phrase Master Key/KDS Initialization
      7  TKE                 -  TKE Master and Operational key processing
      8  KGUP                -  Key Generator Utility processes
      9  UDX MGMT            -  Management of User Defined Extensions
   
          Licensed Materials - Property of IBM
   
         5694-A01 (C) Copyright IBM Corp. 1990, 2011. All rights reserved.
         US Government Users Restricted Rights - Use, duplication or
         disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
   
    Press ENTER to go to the selected option.
    Press END   to exit to the previous menu.
    

2. Select option 6, PPINIT, and press ENTER to begin the pass phrase initialization utility.

   The Pass Phrase MK/KDS Initialization panel appears. See Figure 23.

   Figure 23. ICSF Pass Phrase MK/KDS Initialization Panel

    CSFPMC00 ------- ICSF - Pass Phrase MK/KDS Initialization ---
    Command ===>
    Enter your pass phrase and the names of the CKDS and PKDS:
   
    Pass Phrase (16 to 64 characters)
    ===>
   
    CKDS
    ===>
   
    PKDS
    ===>
   
    Initialize the CKDS and PKDS? (Y/N) ===>
    Signature MK = Key Management MK? (Y/N) ===>
    Initialize new PCICCs only? (Y/N) ===>
   
   
   
   
    Press ENTER to process.
    Press END   to exit to the previous menu.
   
    

3. Type the pass phrase and the data set name in the spaces that are provided.

   The CKDS and PKDS names must be the current, active CKDS and PKDS.

   Note:

   The same pass phrase will always produce the same master key values. Because you are reentering master keys, you must use the same pass phrase as when you originally entered the keys. You should have saved the pass phrase in a secure place when you entered the master keys previously.
4. The "Initialize the CKDS and PKDS?" and "Signature MK = Key Management MK?" questions are ignored.
5. Answer the "Initialize new PCICCs only" question by typing your response in the space following the question. Your response should be Y.
   Figure 24. Entering Options on the Pass Phrase MK/KDS Initialization Panel

    CSFPMC00 --------- ICSF - Pass Phrase MK/KDS Initialization ----------
   
    Enter your pass phrase and the names of the CKDS and PKDS:
   
    Pass Phrase (16 to 64 characters)
    ===> winnie the pooh and tigger too
   
    CKDS
    ===> 'CRYPTO.HCRICSF.CKDS'
   
    PKDS
    ===> CRYPTO.HCRICSF.PKDS
   
    Initialize the CKDS and PKDS? (Y/N) ===> N
    Signature MK = Key Management MK? (Y/N) ===> Y
    Initialize new PCICCs only? ===> Y
    

6. Press ENTER to run the utility.

   For details of these calculations, refer to Pass Phrase Initialization master key calculations.

   Messages on the bottom half of the panel display the progress of the utility.

7. When the utility has completed successfully, press END to return to the primary menu.