On Mon, 26 Mar 2007 13:04:17 -0500, McKown, John <[EMAIL PROTECTED]> wrote:
>> -----Original Message----- >> From: IBM Mainframe Discussion List >> [mailto:[EMAIL PROTECTED] On Behalf Of Schramm, Rob >> Sent: Monday, March 26, 2007 12:55 PM >> To: [email protected] >> Subject: Re: ICSF on z890? >> >> >> If you are just trying to get up and running for testing.. >> just use the >> PassPhrase init. "6 PPINIT - Pass Phrase Master Key/CKDS >> Initialization".. it is very easy. I don't think it is recommended to >> stay in that mode for production.. but it is a sysprog dream when you >> are just trying to get a handle on everything and get it up >> and running >> the first time. >> >> I did that for the tire-kicking and some initial testing >> before heading >> down some of the more difficult issues. > >I tried. I get 'OPTION NOT AVAILABLE'. Yes, I have the CSF started task >going. > (Sorry for the delayed response... just got back from a DR drill... surprised R.S. hasn't jumped in as he knows this stuff well). John, You can't get there from here. You (and people trying to help you) are trying to initialize hardware you don't have. No crypto hardware means no master keys to load and no need for a PKDS/CKDS. (BTW, the ICSF sysprog guide documents how to do this and there are samples in SYS1.SAMPLIB). As you saw.. you have ICSF active and you can still use some clear key functions. I think something similar to this exec has been posted before. It will test clear key. It performance the same function as the ENCODE option of UTILITY in the ICSF ISPF dialogs: /* REXX - PROGRAM REXXCSF */ /***************************************************************/ /* See if ICSF is active/online by doing a test CSNBECO call */ /***************************************************************/ return_code = '00000000'x reason_code = '00000000'x exit_data_length = '00000000'x exit_data = '' clear_key = 'C1C2C3C4F1F2F3F4'x clear_text = '4321000000001234'x cipher_text = '0000000000000000'x Address LINKPGM "CSNBECO return_code reason_code exit_data_length", "exit_data clear_key clear_text cipher_text" If rc = 0 then do Say 'ICSF is active and working!' Say ' ' Say 'The data below should match the ICSF utility ENCODE panel:' Say ' ' Say 'Clear Key ===> C1C2C3C4F1F2F3F4' Say 'Plaintext ===> 4321000000001234' Say 'Ciphertext :' C2x(cipher_text) End Else Say 'ICSF is kaput, RC=' rc I'm pretty sure I've posted this in the past, but if you want to understand what hardware you have and what options there are some good white papers and red books. Search the archives. Here are some of the books / papers I have save... which unfortunately are old at this point but should be helpful (hopfully a search of IBM techdocs and redbooks will get you them if you want): White Papers: Secure Key or Clear Key: Application Migration & Crypto Hardware on z990 or The Basics of What You Need to Understand about zSeries Crypto Hardware and Applications zSeries z990 Hardware Cryptography Considerations ----------------------------- Redbooks (oldest to newest): zSeries Crypto Guide Update IBM eserver zSeries 990 (z990) Cryptography Implementation z9-109 Crypto and TKE V5 Update HTH. If you want to contact me off list, feel free to do so. Mark -- Mark Zelden Sr. Software and Systems Architect - z/OS Team Lead Zurich North America / Farmers Insurance Group: G-ITO mailto:[EMAIL PROTECTED] z/OS and OS390 expert at http://searchDataCenter.com/ateExperts/ Systems Programming expert at http://expertanswercenter.techtarget.com/ Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
