z/OS Cryptographic Services ICSF Administrator's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Steps for initializing a CKDS

z/OS Cryptographic Services ICSF Administrator's Guide
SA22-7521-17

  1. Select Option 2, MASTER KEY MGMT, on the ICSF Primary Menu panel
  2. Select option 1, INIT/REFRESH/UPDATE CKDS and the Initialize a CKDS panel appears.
    Figure 120. ICSF Master Key Management Panel 
     CSFMKM10 ---------------- ICSF - Master Key Management  ----------------
 OPTION ===>  1

 Enter the number of the desired option.                                       
                                                                              
   1  INIT/REFRESH/UPDATE CKDS - Initialize a Cryptographic Key Data Set or    
                           activate an updated Cryptographic Key Data Set      
   2  SET MK            -  Set a master key (AES, DES, ECC)               
   3  REENCIPHER CKDS   -  Reencipher the CKDS prior to changing a symmetric   
                           master key                                          
   4  CHANGE SYM MK     -  Change a symmetric master key and activate the      
                           reenciphered CKDS 
   5  INIT/REFRESH/UPDATE PKDS -  Initialize a Public Key Data Set or
                           activate an updated Public Key Data Set or
                           update the Public Key Data Set header              
   6  REENCIPHER PKDS   -  Reencipher the PKDS        
   7  CHANGE ASYM MK    -  Change an asymmetric master key and activate the
                           reenciphered PKDS
   8  COORDINATED KDS REFRESH - Perform a coordinated KDS refresh
   9  COORDINATED KDS CHANGE MK - Perform a coordinated KDS change master key
  3. In the CKDS field, enter the name of the empty VSAM data set that was created to use as the disk copy of the CKDS.
    Figure 121. ICSF Initialize a CKDS Panel 
     CSFCKD10 ---------------- ICSF - Initialize a CKDS  ----------------
 COMMAND ===>


 Enter the number of the desired option.

   1  Initialize an empty CKDS (creates the header and system keys)
          Record authentication required (Y/N) 
   2  REFRESH   -  Activate an updated CKDS

 Enter the name of the CKDS below.

   CKDS ===> 'FIRST.EMPTY.CKDS'

    The name you enter can be the same name that is specified in the CKDSN keyword option in the installation options data set. You can also initialize a data set that might serve as a backup. For information about creating a CKDS and specifying the CKDS name in the installation options data set, see z/OS Cryptographic Services ICSF System Programmer’s Guide.

  4. Choose option 1, Initialize an empty CKDS, and press ENTER.

    To improve performance, answer N to Record authentication required.

    ICSF creates the header record in the disk copy of the CKDS and refreshes the CKDS.

    When ICSF completes all these steps, the message INITIALIZATION COMPLETE appears.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014