z/OS Cryptographic Services ICSF Administrator's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Displaying PCIXCC, CEX2C, and CEX3C coprocessor roles

z/OS Cryptographic Services ICSF Administrator's Guide
SA22-7521-17

Use the ICSF panels to display the coprocessor role for the coprocessor. All the access control points enabled will be listed.

  1. Select option 1, COPROCESSOR MGMT, on the Primary Option panel, as shown in Figure 189.
    Figure 189. Selecting for Coprocessor Status on the Primary Menu Panel 
     CSF@PRIM ----- Integrated Cryptographic Service Facility  ---------
 OPTION ===> 1

 Enter the number of the desired option.

   1  COPROCESSOR MGMT    -  Management of Cryptographic Coprocessors
   2  MASTER KEY MGMT     -  Master key set or change, CKDS/PKDS processing
   3  OPSTAT              -  Installation options
   4  ADMINCNTL           -  Administrative Control Functions
   5  UTILITY             -  ICSF Utilities
   6  PPINIT              -  Pass Phrase Master Key/KDS Initialization
   7  TKE                 -  TKE Master and Operational key processing
   8  KGUP                -  Key Generator Utility processes
   9  UDX MGMT            -  Management of User Defined Extensions

       Licensed Materials - Property of IBM

      5694-A01 (C) Copyright IBM Corp. 1990, 2011. All rights reserved.
      US Government Users Restricted Rights - Use, duplication or
      disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

 Press ENTER to go to the selected option.
 Press END   to exit to the previous menu.
  2. The Coprocessor Management panel appears. Refer to Figure 190.
    Figure 190. Coprocessor Management Panel 
     CSFGCMP0 ---------------- ICSF Coprocessor Management -------------
 COMMAND ===> 

Select the coprocessors to be processed and press ENTER.
Action characters are: A, D, E, K, R, and S. See the help panel for details.

                 Serial
  CoProcessor    Number         Status   AES   DES   ECC   RSA 
  -----------   ---------       ------   ---   ---   ---   ---- 
 __ H00                         ACTIVE                         
 __ G01          00000001       ONLINE    U     U     U     U  
 __ G02          00000002       ACTIVE    C     U     U     C  
 __ G03          00000003       ACTIVE    C     U     A     C  
 R  G04          00000004       ACTIVE    C     C     A     C  
 __ G05          00000005       ONLINE    U     C     E     U  
 __ E06          00000006       ACTIVE    C     C     -     C  
 __ G07          00000007       OFFLINE
  3. Select the PCIXCC, CEX2C, or CEX3C by entering an 'R' to the left of the coprocessor. Press enter and the Status Display panel appears (Figure 191).
    Note:
    A TKE is required in order to change the coprocessor role. See z/OS Cryptographic Services ICSF TKE Workstation User’s Guide.
    Figure 191. Coprocessor Role Status Displayed for a system without TKE connected 
     CSFCMP30 ---------------- ICSF Status Display -------------
 COMMAND ===> 

Enabled access control points from the default role for X02, domain 0.

Access Control Manager - Read role 
Authorize UDX
Clear Key Import/Multiple Clear Key Import - DES
Clear New AES Master Key
Clear New DES Master Key Register
Clear new ECC Master Key Register
Clear new RSA Master Key Register 
Clear PIN Encrypt 
Clear PIN Generate - GBP
Clear PIN Generate - Interbank 
Clear PIN Generate - VISA PVV 
Clear PIN Generate - 3624
Clear PIN Generate Alternate - VISA PVV
Clear PIN Generate Alternate - 3624 Offset 
Combine AES Master Key Parts
Combine DES Master Key Parts
Combine RSA Master Key Parts
Control Vector Translate 
Cryptographic Variable Encipher
Data Key Export
Data Key Export - Unrestricted 
Data Key Import 
Data Key Import - Unrestricted 
Decipher - DES
Digital Signature Generate
Digital Signature Verify
Diversified Key Generate - single length or same halves
Diversified Key Generate - CLR8-ENC
Diversified Key Generate - SESS-XOR
Diversified Key Generate - TDES-DEC
Diversified Key Generate - TDES-ENC
Diversified Key Generate - TDES-XOR
Diversified Key Generate - TDESEMV2/TDESEMV4
DATAM Key Management Control 
DES Key Token Change
Encipher - DES
Encrypted PIN Generate - GBP 
Encrypted PIN Generate - Interbank 
Encrypted PIN Generate - 3624
Encrypted PIN Translate - Reformat
Encrypted PIN Translate - Translate
Encrypted PIN Verify - GBP
Encrypted PIN Verify - Interbank
Encrypted PIN Verify - VISA PVV
Encrypted PIN Verify - 3624
Generate CVV
Key Export
Key Export - Unrestricted
Key Generate - OP,IM,EX
Key Generate - OPIM,OPEX,IMEX,etc.
Key Generate - OPIM,OPEX,IMEX,etc. extended 
Key Generate - SINGLE-R
    Figure 192. Coprocessor Role Status Displayed for a system without TKE connected - part 2 
     CSFCMP30 ---------------- ICSF Status Display -------------
 COMMAND ===> 

Key Import
Key Import - Unrestricted
Key Part Import - first key part
Key Part Import - middle and last
Key Part Import - ADD-PART
Key Part Import - COMPLETE
Key Part Import - RETRKPR
Key Part Import - Unrestricted 
Key Test 
Key Translate 
Load First AES Master Key Part 
Load First DES Master Key Part
Load First ECC Master Key Part
Load First RSA Master Key Part
Load Middle or Last ECC Master Key Part
Multiple Clear Key Import/Multiple Secure Key Import - AES 
MAC Generate
MAC Verify
NOCV KEK usage for export-related functions
NOCV KEK usage for import-related functions
Prohibit Export
Prohibit Export Extended 
PCF CKDS conversion utility
PIN Change/Unblock - change EMV PIN with IPINENC
PIN Change/Unblock - change EMV PIN with OPINENC
PKA Decrypt
PKA Encrypt
PKA Key Generate
PKA Key Generate - Clear 
PKA Key Generate - Clone
PKA Key Generate - Permit Regeneration Data 
PKA Key Generate - Permit Regeneration Data Retain 
PKA Key Import
PKA Key Import - Import an External Trusted Block
PKA Key Token Change RTCMK 
PKA Key Translate - from source EXP KEK to target EXP KEK
PKA Key Translate - from source IMP KEK to target EXP KEK
PKA Key Translate - from source IMP KEK to target IMP KEK
PKA Key Translate - from CCA RSA to SC CRT Format
PKA Key Translate - from CCA RSA to SC ME Format
PKA Key Translate - from CCA RSA to SC Visa Format
Reencipher CKDS 
Remote Key Export - Gen or export a non-CCA node Key
Retained Key Delete
Retained Key List
Secure Key Import - DES,IM 
Secure Key Import - DES,OP 
Secure Messaging for Keys
Secure Messaging for PINs
    Figure 193. Coprocessor Role Status Displayed for a system without TKE connected – part 3 
    Set AES Master Key
Set DES Master Key
Set ECC Master Key
Set RSA Master Key
Symmetric Algorithm Decipher - secure AES keys
Symmetric Algorithm Encipher - secure AES keys
Symmetric Key Export - AES, PKCSOAEP, PKCS-1.2
Symmetric Key Export - AES, ZERO-PAD
Symmetric Key Export - DES, PKCS-1.2 
Symmetric Key Export - DES, ZERO-PAD
Symmetric Key Generate - AES, PKCSOAEP, PKCS-1.2 
Symmetric Key Generate - AES, ZERO-PAD
Symmetric Key Generate - DES, PKA92
Symmetric Key Generate - DES, PKCS-1.2 
Symmetric Key Generate - DES, ZERO-PAD
Symmetric Key Import - AES, PKCSOAEP, PKCS-1.2
Symmetric Key Import - AES, ZERO-PAD
Symmetric Key Import - DES, PKA92 KEK
Symmetric Key Import - DES, PKCS-1.2 
Symmetric Key Import - DES, ZERO-PAD 
SET Block Compose
SET Block Decompose 
SET Block Decompose - PIN Extension IPINENC 
SET Block Decompose - PIN Extension OPINENC 
Transaction Validation - Generate 
Transaction Validation - Verify CSC-3
Transaction Validation - Verify CSC-4 
Transaction Validation - Verify CSC-5 
Trusted Block Create - Activate an Inactive Block
Trusted Block Create - Create Block in Inactive form
UKPT - PIN Verify, PIN Translate
Verify CVV

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014