Re: Is a Master Key mandatory in order to access the coprocessor?

[R.S.]

W dniu 2011-01-19 01:59, Francis van Zutphen pisze:
We just dismantled the last Crypto application on one of our lpars and our
CKDS is now empty. My colleague thinks that the MK can now be deleted as
we do not have any application keys in the CKDS.
We still have several middleware software products active(file transfer...etc)
that use SSL.

Do we still need to maintain the Master Key in order to access the co-
processor? For example using ICSF API CSNERNG(Random Number Generate).

Few thoughts:
1. Why do you care? Couldn't you live with MK, even it's not necessary? 
Hint: you don't need to worry about current MK privacy, you can simply 
change MK and "forget" the previous one.
2. Why don't you try it on another LPAR (and domain).

My guess: crypto cards in Coprocessor mode (not to confuse with 
Accelerator mode) do require MK to work, although I didn't check it.

--
Radoslaw Skorupka
Lodz, Poland


--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl

Sd Rejonowy dla m. st. Warszawy 
XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, 
nr rejestru przedsibiorców KRS 0000025237
NIP: 526-021-50-88
Wedug stanu na dzie 16.07.2010 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.248.328 zotych. 

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html