SMK equal to KMMK
- Using Master Key Entry
- Start ICSF on a z990, z890, z9 EC, z9 BC, z10 EC, z10 BC, or z196 system,
pointing to the initialized CKDS/PKDS. You will see the message: CSFM419E
INCORRECT MASTER KEY (BOTH) ON PCI X CRYPTOGRAPHIC COPROCESSOR Xnn,
SERIAL NUMBER nnnnnnnn.
- Using Master Key Entry, load the value of the CCF DES master key
into the new DES-MK register. Load the value of the CCF SMK/KMMK master
key into the new ASYM-MK register. You will need the checksums for
each of these values.
- Set the DES master key.
- Enable PKA Callable Services/Dynamic PKDS Access.
- Using Pass Phrase Initialization
- Start ICSF on a z990, z890, z9 EC, z9 BC, z10 EC, z10 BC, or z196 system,
pointing to the initialized CKDS/PKDS.
- Using PPINIT, type in the same pass phrase used to initialize
CCF system. Respond N to Initialize the CKDS/PKDS? (Y/N) question.
SMK not equal to KMMK
Without a PCICC, the PKDS reencipher must run on the PCIXCC,
CEX2C, or CEX3C. If it is not, the z990, z890, z9 EC, z9 BC,
z10 EC, z10 BC, or z196 system will not be able to use
the tokens encrypted under the KMMK. This procedure requires that
you switch between your legacy and z990/z890 TSO sessions.
|