Yeah, I agree that it is a pity. We just didn't have the demand for it when AES was implemented in KGUP and your question was the first one I can recall. I don't believe that the TRANSKEY is even used when you are generating a random AES key but we don't do a great job documenting that (we're trying to improve our doc).
That said, you have a number of options. One is to do as you suggest and use the same control cards on both systems to create identical AES keys. Another option would be to use callable services. ICSF callable services are accessible from (almost) any language you can name. I have personally implemented calls from C, C++, COBOL, Python, REXX, and ASM (that I can think of). I know that PL/I is also supported and I did some research and found that GoLang (and any other language that can speak LE) should work. Eric Rossman --------------------------------- ICSF Security Architect z/OS Security --------------------------------- -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Radoslaw Skorupka Sent: Monday, May 19, 2025 8:33 AM To: [email protected] Subject: [EXTERNAL] Re: CSFKGUP does not feed CSFSTMNT file It's a pity. How can I (safely) export the AES key to another system? Should I create the statement manually, by using CSFKEYS DD output? -- Radoslaw Skorupka Lodz, Poland W dniu 19.05.2025 o 14:29, Eric Rossman pisze: > It looks like we never implemented this for AES keys. There is a comment in > the code that says "This is not available for AESKW encrypted keys." > > Eric Rossman > --------------------------------- > ICSF Security Architect > z/OS Security > --------------------------------- > > -----Original Message----- > From: IBM Mainframe Discussion List<[email protected]> On Behalf Of > Radoslaw Skorupka > Sent: Monday, May 19, 2025 8:21 AM > To:[email protected] > Subject: [EXTERNAL] CSFKGUP does not feed CSFSTMNT file > > Simple job, KGUP aka CSFKGUP utility > ADD LABEL(lab1) TYPE(CIPHER) OUTTYPE(CIPHER) ALGORITHM(AES), > LENGTH(32) TRANSKEY(transkey) > > Job ends with RC=0, but CSFSTMNT has no entries. > > Any clue? > > -- > Radoslaw Skorupka > Lodz, Poland ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
