I am hoping that you have already considered the need for encrypting the TSO session.
Additionally, having the procedure actually documented before entering your production MK is a really good idea. Also, secured key part storage onsite as well as offsite for disaster recovery. Also, naming convention for the operational keys is critical!!! Rob Schramm On Sep 13, 2012 5:50 PM, "Frank Swarbrick" <[email protected]> wrote: > Looks like we found a solution: > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS189. > Frank > > > > > >________________________________ > > From: Frank Swarbrick <[email protected]> > >To: [email protected] > >Sent: Thursday, September 13, 2012 12:43 PM > >Subject: loading cryptographic coprocessor key part registers > > > >We are migrating our PIN/card security process to use ICSF and a Crypto3 > card. All of our vendor's other customers have used the TKE Workstation to > load their operational keys (in multiple key part/component format). We > were not planning on purchasing the TKE feature. But I cannot see any way > outside of TKE to enter operational key components in to the "cryptographic > >coprocessor's keypartregisters" outside of using TKE. Help! > > > >Frank > > > >---------------------------------------------------------------------- > >For IBM-MAIN subscribe / signoff / archive access instructions, > >send email to [email protected] with the message: INFO IBM-MAIN > > > > > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
