z/OS Cryptographic Services ICSF Administrator's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Loading DES and PKA master keys using a pass phrase

z/OS Cryptographic Services ICSF Administrator's Guide
SA22-7521-17

This topic describes how to use the CSFEUTIL program to load DES and PKA master keys using a pass phrase. This will allow an automated setup of ICSF for an automated electronic delivery process.

Restriction: This is not supported on a z990, z890, z9 EC, z9 BC, z10 EC, z10 BC, and z196.

The CKDS must be created and empty. See z/OS Cryptographic Services ICSF System Programmer’s Guide for this information.

Note:
This only initializes the CCF. It will not initialize the PCICC.

The default pass phrase supplied is Change this Pass Phrase.

  1. Invoke the program from a batch job or from another program.
  2. You pass the same parameters whether you call the program as a batch job or from another program.
  3. Pass the name of the CKDS to perform the task and the name for the task. When you invoke the utility program from another program, General Register 1 must contain a pointer to the address of a data area whose structure is as follows: 
       Bytes 0-1: Length of the parameter string in binary
   Bytes 2-n: The parameter string

    The parameter string is the same as that which you would specify using the PARM keyword on the EXEC JCL statement if you invoked the program as a batch job.

  4. To load a pass phrase, pass these parameters in this order:
    • The name of the CKDS
    • An optional 16–64 character pass phrase
    • The name for the task: PPINIT
  5. To load the pass phrase using JCL (with the default pass phrase), use JCL like this example: 
    //STEP EXEC PGM=CSFEUTIL,PARM='CSF.CSFCKDS,PPINIT'
  6. To load the pass phrase using JCL (and using your own pass phrase), use JCL like this example: 
    //STEP EXEC PGM=CSFEUTIL,PARM='CSF.CSFCKDS,different pass phrase,PPINIT'

When you invoke the program as a batch job, you receive the return code in a message when the job completes. You do not receive a reason code with the return code. When the program is invoked from another program, the invoking program receives the reason code in General Register 0 along with the return code in General Register 15. The return codes and reason codes are explained in Return and reason codes for the CSFEUTIL program.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014