Frank, That is not true. Try option "k". But the only reason you would need it would be if you need to store the operational key parts outside of the mainframe. Also, KGUP should support key part entry... although it is one of the oldest interfaces for ICSF. Auto generating keys is probably be the best if the keys are not required outside of the mainframe. Although you should be able to leverage a transport key or temporary session key if you need to exchange the key.
The problems are that the management of the operational key parts are not really being managed outside of some interface like TKE or DKMS. TKE can actually enforce the presence of multiple people for key entry. DKMS has a whole host of ways of actually managing key materials. Rob Schramm Senior Systems Consultant Imperium Group On Fri, Sep 14, 2012 at 11:34 AM, Frank Swarbrick <[email protected]> wrote: > Key part entering is available in ICSF's ISPF interface only for master keys, > not for operational keys. Bizarre but true. Operational keys can only be > entered in full (not parts) or simply generated. > > > > >>________________________________ >> From: Mark Jacobs <[email protected]> >>To: [email protected] >>Sent: Thursday, September 13, 2012 1:30 PM >>Subject: Re: loading cryptographic coprocessor key part registers >> >>ICSF has an ISPF interface that you'll use to enter the key parts. >> >>On 09/13/12 14:43, Frank Swarbrick wrote: >>> We are migrating our PIN/card security process to use ICSF and a Crypto3 >>> card. All of our vendor's other customers have used the TKE Workstation to >>> load their operational keys (in multiple key part/component format). We >>> were not planning on purchasing the TKE feature. But I cannot see any way >>> outside of TKE to enter operational key components in to the "cryptographic >>> coprocessor's keypartregisters" outside of using TKE. Help! >>> Frank >>> >>> ---------------------------------------------------------------------- >>> For IBM-MAIN subscribe / signoff / archive access instructions, >>> send email to [email protected] with the message: INFO IBM-MAIN >>> >>> >>-- Mark Jacobs >>Time Customer Service >>Tampa, FL >>---- >> >>The quiet ones are the ones that change the universe... >>The loud ones only take the credit. >> >>Londo Mollari - Babylon 5 >> >>---------------------------------------------------------------------- >>For IBM-MAIN subscribe / signoff / archive access instructions, >>send email to [email protected] with the message: INFO IBM-MAIN >> >> >> > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
