z/OS Cryptographic Services ICSF Administrator's Guide


Steps for setting the SMK equal to the KMMK

SA22-7521-17

It is highly recommended that the KMMK, SMK and ASYM-MK be equal. This will facilitate migration to new features on crypto hardware.

If you are a new user and using Pass Phrase Initialization, ensure that you answer Y for Signature MK = Key Management MK? on Figure 11. If using Clear Key Entry, make sure that you enter the same value for your SMK and KMMK.

If you are an existing user and for some reason your KMMK does not equal the SMK and ASYM-MK, you should follow this procedure. You must have a PCICC on your system.

  1. Disable PKA services (see Steps for enabling and disabling PKA services).
  2. Determine the value of the SMK.
    1. If you used Pass Phrase Initialization, go to the main menu and choose option 5, UTILITY. Select option 5, PPKEYS.

      Figure 73. ICSF Utilities Panel
       CSFUTL00 ---------------- ICSF - Utilities --------------------------
       OPTION ===> 5
      
      
       Enter the number of the desired option.
      
         1  ENCODE        -  Encode data
         2  DECODE        -  Decode data
         3  RANDOM        -  Generate a random number
         4  CHECKSUM      -  Generate a checksum and verification and
                             hash pattern
         5  PPKEYS        -  Generate master key values from a pass phrase
         6  PKDSKEYS      -  Manage keys in the PKDS 
       

      The Master Key Values from Pass Phrase panel appears (Figure 74).

      Figure 74. ICSF Master Key Values from Pass Phrase Panel
       CSFPPM00 ------------ ICSF - Master Key Values from Pass Phrase -----
       
      Pass Phrase ( 16 to 64 characters)
       ==>_________________________________________________________________
      
      Signature/Asymmetric-keys master key  : 0000000000000000 
                                            : 0000000000000000
                                            : 0000000000000000
      
      Key Management master key             : 0000000000000000 
                                            : 0000000000000000
                                            : 0000000000000000
      
       

      Enter the previously used pass phrase and your SMK and KMMK values will be displayed.

    2. If you used Master Key entry, you must retrieve the value from your written files.
  3. Use the value of the SMK as the new KMMK and ASYM-MK values (see PKA master keys and the PKDS).
  4. Reencipher and Activate the PKDS (see Steps for reenciphering and refreshing the PKDS).





Copyright IBM Corporation 1990, 2014