| Where allowed to run: All environments (*ALL) Threadsafe: Yes |
The Clear Master Key (CLRMSTKEY) command clears the specified master key version. For all master keys except the Save/Restore Master Key, the key value and key verification value (KVV) are set to null (binary zeroes). Clearing the Save/Restore Master Key sets the key value for the specified version to the default value with a KVV of hexadecimal '16C1D3E3C073E77DB28F33E81EC165313318CE54'.
For more information on master keys, refer to the Cryptographic services key management section of the Security category in the IBM Systems Information Center at http://www.ibm.com/systems/infocenter/.
Restrictions:
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| MSTKEY | Master key | 1-8, *ASP, *SAVRST | Required, Positional 1 |
| VERSION | Master key version | *NEW, *CURRENT, *OLD, *PENDING | Required, Positional 2 |
Specifies the master key on which to perform the action.
This is a required parameter.
The action will be performed on:
Specifies the version of the master key to clear.
This is a required parameter.
Note: Before clearing an old master key version, ensure no keys or data are still encrypted under it.
Example 1: Clear the New Version of a Master Key
CLRMSTKEY MSTKEY(1) VERSION(*NEW)
This command clears the new version of Master Key 1. The new version consists of all key parts that were loaded since the last time the master key was set. The master key could have been set by running the Set Master Key (SETMSTKEY) command.
Example 2: Clear the Pending Version of a Master Key
CLRMSTKEY MSTKEY(4) VERSION(*PENDING)
This command clears the pending version of Master Key 4. The existence of a pending version indicates that the master key had been restored to the system, but the system was unable to decrypt it.
*ESCAPE Messages