Initializing a key store file
A key store file is a database file that stores operational keys, i.e. keys encrypted under the master key. This topic provides information on how to keep records of your DES and PKA keys on systems running the i5/OS operating system.
You can initialize two different types of key stores for your Cryptographic Coprocessor. The Cryptographic Coprocessor uses one type to store PKA keys and the other to store DES keys. You need to initialize a key store file if you plan to store keys in it. Even though retained keys are not stored in a key store file, one is still required because CCA searches for labels in key store files before it searches for labels in the coprocessor.
The CCA CSP creates a DB2® key store file if one does not already exist. If a key store file already exists, the CCA CSP deletes the file and creates a new one.
To initialize a key store, you can use the Cryptographic Coprocessor configuration utility. Click Manage configuration, and then click either DES keys or PKA keys, depending on which key store file you want to initialize. With the utility, you can only initialize a file if it does not already exist.
If you would rather write your own application to initialize a key store file, you can do so by using the KeyStore_Initialize (CSNBKSI) API verb.
After you create a key store for your Cryptographic Coprocessor, you can generate DES and PKA keys to store in your key store files.
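An application that calls CSNBKSI itself can apply the same rule as the utility and refuse to initialize a file that already exists. The following sketch is an added example, not IBM's sample program; the helper names, the LIBRARY/FILE name format, the CHKOBJ probe, the `csucincl.h` header name, and the parameter layout of the CSNBKSI call are assumptions to check against the CCA header on your system.

```c
#include <ctype.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#ifdef __ILEC400__
#include "csucincl.h"   /* CCA verb prototypes on i5/OS (assumed header name) */
#endif
/* One object name: 1-10 chars, A-Z first, then A-Z, 0-9 or _ (conservative). */
static int valid_obj_name(const char *s, size_t n) {
    size_t i;
    if (n < 1 || n > 10 || !isupper((unsigned char)s[0])) return 0;
    for (i = 1; i < n; i++)
        if (!isupper((unsigned char)s[i]) && !isdigit((unsigned char)s[i]) && s[i] != '_')
            return 0;
    return 1;
}

/* Accept only LIBRARY/FILE, so the name is safe to embed in a CL command. */
int valid_qualified_name(const char *q) {
    const char *slash = strchr(q, '/');
    if (slash == NULL) return 0;
    return valid_obj_name(q, (size_t)(slash - q)) &&
           valid_obj_name(slash + 1, strlen(slash + 1));
}

/* Two blank-padded 8-byte keywords: CURRENT, then DES or PKA. 0 on success. */
int build_rule_array(const char *type, char out[16]) {
    if (strcmp(type, "DES") != 0 && strcmp(type, "PKA") != 0) return -1;
    memset(out, ' ', 16);
    memcpy(out, "CURRENT", 7);
    memcpy(out + 8, type, 3);
    return 0;
}

#ifdef __ILEC400__
/* 0 = created, 1 = file already exists and was left untouched, -1 = error. */
int init_key_store_once(char *qname, const char *type) {
    long rc = 0, reason = 0, exit_len = 0, rule_count = 2, name_len, desc_len = 0;
    char exit_data[4], rules[16], cmd[64];
    unsigned char desc[4], master_key[24] = {0};  /* assumed unused by this call */
    if (!valid_qualified_name(qname) || build_rule_array(type, rules) != 0) return -1;
    sprintf(cmd, "CHKOBJ OBJ(%s) OBJTYPE(*FILE)", qname);
    if (system(cmd) == 0) return 1;   /* CHKOBJ succeeded, so the file exists */
    name_len = (long)strlen(qname);
    CSNBKSI(&rc, &reason, &exit_len, exit_data, &rule_count, rules, &name_len,
            qname, &desc_len, desc, master_key);
    return rc == 0 ? 0 : -1;
}
#endif
```

The name check runs before the name reaches `system()`, so a caller-supplied file name cannot add CL parameters or commands to the CHKOBJ string.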
- Example: ILE C program for initializing a key store for your Cryptographic Coprocessor
  Change this i5/OS ILE C program example to suit your needs for initializing a key store for your Cryptographic Coprocessor.
- Example: ILE RPG program for initializing a key store for your Cryptographic Coprocessor
  Change this i5/OS ILE RPG program example to suit your needs for initializing a key store for your Cryptographic Coprocessor.