>YOU ARE CORRECT, I do not have an enclave token yet as there is no input token to enclave create. >Hence You see why I raised the , >REALLY WANT TO AVOID. Key 0 is Very Dangerous. >It was the only way I could get the services to function properly.
I'm sorry, I do not understand what you wrote. There is no conclusion from your first sentence that leads to a "Hence". What does any of this have to do with getting reason 83A on IWM4ECRE? We do not know how that reason code could be obtained from IWM4ECRE. >I would like to run in key 8 if possible or a less sensitive system key (1 - 7). What is stopping you from doing so? Enclave create does not require key 0. The documentation states that the minimum authorization is supervisor state or PKM allowing keys 0-7. That means that you can simply be supervisor state key 8 if you choose. I might quibble about 'allowing keys 0-7' when it really means 'allowing at least one key in the range 0-7' >The relationship between Connect/Classify/Create Enclave with respect to Tokens and PKM is not as "crisp" as I would >prefer. The documentation is "poor" at best. It would be far more helpful if you would explain what you find to be "poor" rather than just saying it is poor. For example, what "relationship" with respect to PKM are you referring to? Each service documents its minimum authorization. There is always room for improvement in our documentation; the more specific you can be about what you find bad, the more likely it is that it can be improved / corrected. Peter Relson z/OS Core Technology Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
