| Where allowed to run: All environments (*ALL) Threadsafe: Yes |
Parameters Examples Error messages |
The Add Master Key Part (ADDMSTPART) command loads a key part for the specified master key by hashing the specified passphrase and adding it into the new master key version.
You should securely store your passphrase outside the system so you can recover the master key should it become damaged.
For more information on master keys, refer to the Cryptographic services key management section of the Security category in the IBM Systems Information Center at http://www.ibm.com/systems/infocenter/.
Restrictions:
| Top |
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| MSTKEY | Master key | 1-8, *ASP, *SAVRST | Required, Positional 1 |
| PASSPHRASE | Passphrase | Character value | Required, Positional 2 |
| PASSLEN | Length of passphrase | 1-256, *CALC | Optional |
| Top |
Specifies the master key on which to perform the action.
This is a required parameter.
The action will be performed on:
| Top |
Specifies a text string. The text string will be hashed and then added into the new version of the master key using an exclusive-OR operation.
Note: If a specific passphrase is added twice, the value is actually removed from the new version because a value exlusive-OR'ed with itself results in a value of 0.
This is a required parameter.
| Top |
Specifies the number of bytes of the value specified for Passphrase (PASSPHRASE) that are to be used to create the key part which will be added to the master key.
| Top |
Example 1: Add a Key Part for a Master Key Specifying Length of Passphrase
ADDMSTPART MSTKEY(3)
PASSPHRASE('Twas brillig, and the slithy toves')
PASSLEN(30)
This command takes the first 30 bytes from the PASSPHRASE parameter, hashes it down to 20 bytes, and adds it into the new version of Master Key 3.
Example 2: Add a Key Part for a Master Key Allowing the System to Calculate the Passphrase Length
ADDMSTPART MSTKEY(*SAVRST)
PASSPHRASE('Twas brillig, and the slithy toves')
PASSLEN(*CALC)
This command removes all trailing blanks from the PASSPHRASE parameter value, takes the resulting text string, hashes it down to 20 bytes, and adds it into the new version of the Save/Restore Master Key.
| Top |
*ESCAPE Messages
| Top |