Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
RACF Protecting ICSF Services used by the New Panels z/OS Cryptographic Services ICSF Administrator's Guide SA22-7521-17 |
|
ICSF uses these ICSF callable services to create or delete PKDS records and export or import RSA keys to X.509 certificates:
If you are using RACF or a similar security product, ensure that the security administrator authorizes ICSF to use these services and any cryptographic keys that are input. For information about ICSF callable services, see Introducing Symmetric Key Cryptography and Using Symmetric Key Callable Services in z/OS Cryptographic Services ICSF Application Programmer’s Guide. Follow these steps to manage keys in the PKDS. Select option 6, PKDSKEYS, on the ICSF Utilities panel as shown in Figure 212. Figure 212. Selecting the PKDSKEYS option on the ICSF Utilities Panel
CSFUTL00 ---------------- ICSF - Utilities -------------------------- OPTION ===> 6 Enter the number of the desired option. 1 ENCODE - Encode data 2 DECODE - Decode data 3 RANDOM - Generate a random number 4 CHECKSUM - Generate a checksum and verification and hash pattern 5 PPKEYS - Generate master key values from a pass phrase 6 PKDSKEYS - Manage keys in the PKDS 7 PKCS11 TOKEN - Manage PKCS11 tokens Press ENTER to go to the selected option. Press END to exit to the previous menu. If option 6 is selected on the utilities panel, the ICSF - PKDS Keys is presented: Figure 213. ICSF PKDS Keys Panel
CSFPKY00 ---------------- ICSF - PKDS Keys -------------------------- COMMAND ===> Enter the RSA record's label for the actions below ==> Select one of the following actions then press ENTER to process: - Generate a new RSA key pair record Enter the key length ===> 512, 1024, 2048, 3072 or 4096 Enter Private Key Name (optional) ==> - Delete the existing public key or key pair RSA record - Export the RSA record's public key to a certificate data set Enter the DSN ===> Enter desired subject's common name (optional) CN= - Create a RSA public key record from an input certificate. Enter the DSN ===> From this panel you can manage RSA key entries in the PKDS. To create a new record or manage an existing PKDS record, supply the PKDS key label and then select an action. Supported actions:
|
Copyright IBM Corporation 1990, 2014
|