|
You only have to initialize a PKDS the first time you start ICSF on
a system.
Note:
You must have a valid RSA-MK or
ECC-MK loaded to initialize the PKDS. When
you initialize a PKDS, you can copy the disk copy of the PKDS to create
other PKDSs for use on the system. You can also use a PKDS on another ICSF system
if the system has the same master key value.
For a description of how to use the Master Key Entry panels to
enter the master key, see Steps for entering the first master key part. For a description
of how to use the TKE workstation to enter the
master key, refer to z/OS Cryptographic Services ICSF TKE Workstation User’s Guide.
Steps for initializing a PKDS
To initialize the PKDS:
- Return to the Primary Menu panel by pressing END from the Master
Key Entry panel.
- Select Option 2, MASTER KEY MGMT, on the Primary Menu panel as
shown in Figure 105.
Figure 105. Selecting the Master Key option on the primary menu panel
CSF@PRIM --------- Integrated Cryptographic Service Facility ---------
OPTION ===> 2
Enter the number of the desired option.
1 COPROCESSOR MGMT - Management of Cryptographic Coprocessors
2 MASTER KEY MGMT - Master key set or change, CKDS/PKDS processing
3 OPSTAT - Installation options
4 ADMINCNTL - Administrative Control Functions
5 UTILITY - ICSF Utilities
6 PPINIT - Pass Phrase Master Key/KDS Initialization
7 TKE - TKE Master and Operational key processing
8 KGUP - Key Generator Utility processes
9 UDX MGMT - Management of User Defined Extensions
Licensed Materials - Property of IBM
5694-A01 (C) Copyright IBM Corp. 1990, 2011. All rights reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Press ENTER to go to the selected option.
Press END to exit to the previous menu.
The Master Key Management panel appears. See Figure 106.
Figure 106. ICSF Master Key Management Panel
CSFMKM10 ---------------- ICSF - Master Key Management ----------------
OPTION ===> 5
Enter the number of the desired option.
1 INIT/REFRESH/UPDATE CKDS - Initialize a Cryptographic Key Data Set or
activate an updated Cryptographic Key Data Set
2 SET MK - Set a master key (AES, DES, ECC)
3 REENCIPHER CKDS - Reencipher the CKDS prior to changing a symmetric
master key
4 CHANGE SYM MK - Change a symmetric master key and activate the
reenciphered CKDS
5 INIT/REFRESH/UPDATE PKDS - Initialize a Public Key Data Set or
activate an updated Public Key Data Set or
update the Public Key Data Set header
6 REENCIPHER PKDS - Reencipher the PKDS
7 CHANGE ASYM MK - Change an asymmetric master key and activate the
reenciphered PKDS
8 COORDINATED KDS REFRESH - Perform a coordinated KDS refresh
9 COORDINATED KDS CHANGE MK - Perform a coordinated KDS change master key
- Select option 5, INIT/REFRESH/UPDATE PKDS and the Initialize
a PKDS panel appears. See Figure 107.
Figure 107. ICSF Initialize/Refresh a PKDS Panel
CSFCKD30 ---------------- ICSF - PKDS Initialize/Refresh ----------------
COMMAND ===>
Enter the number of the desired option.
1 Initialize an empty PKDS
2 Refresh - Activate an updated PKDS
3 Update an existing PKDS
Enter the name of the PKDS below.
PKDS ===>
- In the PKDS field, enter the name of the empty VSAM data set that
was created to use as the disk copy of the PKDS.
- Select option 1, Initialize an empty PKDS.
|
z/OS Cryptographic Services ICSF Administrator's Guide
Copyright IBM Corporation 1990, 2014