Extract Keystore File Entry (EXTCKMKSFE)

Where allowed to run: All environments (*ALL)
Threadsafe: Yes

The Extract Keystore File Entry (EXTCKMKSFE) command extracts an X.509 SubjectPublicKeyInfo public key from a keystore file entry containing a public or private PKA key.

For more information on keystore, refer to the Cryptographic Services Keystore article in the Cryptographic Services section of the APIs topic collection in the Programming category in the i5/OS Information Center at http://www.ibm.com/systems/i/infocenter/.

Restrictions:


Parameters

Keyword    Description                  Choices                             Notes
KEYSTORE   Keystore file                Qualified object name               Required, Positional 1
           Qualifier 1: Keystore file   Name
           Qualifier 2: Library         Name, *LIBL, *CURLIB
RCDLBL     Record label                 Character value                     Required, Positional 2
STMF       Stream file                  Path name                           Required, Positional 3
STMFOPT    Stream file option           *NONE, *ADD, *REPLACE               Optional
AUT        Authority                    *DFT, *INDIR, *FILE, *INDIRFILE     Optional

Keystore file (KEYSTORE)

Specifies the keystore file to use.

This is a required parameter.

Qualifier 1: Keystore file

name
Specify the name of the keystore file.

Qualifier 2: Library

*LIBL
All libraries in the library list for the current thread are searched until the first match is found.
*CURLIB
The current library for the thread is searched. If no library is specified as the current library for the thread, the QGPL library is searched.
name
Specify the name of the library to search for the file.

Record label (RCDLBL)

Specifies the label of a key record in the specified keystore file.

This is a required parameter.

character-value
Specify the key record label. The label can be up to 32 characters and contain any alphanumeric characters.

Stream file (STMF)

Specifies the path name for the stream file that will contain the key.

All directories in the path name must exist. New directories are not created. If the stream file does not exist, it is created.

This is a required parameter.

path-name
Specify the stream file path name.

Stream file option (STMFOPT)

Specifies what the command does if a stream file with the specified name already exists: replace its contents with the key, add the key to the end of the file, or fail without copying the key. If the stream file does not exist, it is created.

*NONE
If the stream file exists, the key is not copied and the command fails.
*ADD
The key is added to the end of the existing stream file.
*REPLACE
The key replaces the contents of the existing stream file.

Authority (AUT)

Specifies the method used to assign authority information to the stream file.

This parameter is ignored if the stream file already exists.

*DFT
The owner of the stream file will be granted *RWX data authority to the stream file. The primary group and *PUBLIC will have *NONE data authority to the stream file. Object authorities will be based on the object authorities for the directory where the stream file is to be created. The auditing value of the database file will be copied to the stream file.
*INDIR
The authority information for the stream file is based on the authority for the directory where the stream file is to be created. The stream file is assigned the same public authority, private authorities, primary group, primary group authority, and authorization list as the directory in which it is created. The auditing value assigned to the stream file is controlled by the directory's create object auditing value. If the target file system does not support the *INDIR special value, the command will fail.
*FILE
The authority information for the stream file is based on the authority for the object specified on the From file member or save file (FROMMBR) parameter. The stream file is assigned the same public authority, private authorities, primary group, primary group authority, authorization list, and auditing value as the member or save file being copied. If the target file system does not support one or more of these values, the unsupported values will be ignored.
*INDIRFILE
The authority information for copied objects is initially based on the authority for the directory where the objects are to be created. Then, authority information from the object specified on the FROMMBR parameter will be copied to the target object. The stream file is assigned the same public authority, private authorities, primary group, primary group authority, authorization list, and auditing value as the member or save file being copied, as well as any additional private authorities obtained from the directory. The resulting authority information will be similar to that produced by copying and pasting objects using the System i Navigator. If the target file system does not support the *INDIRFILE special value, the command will fail.

Examples

EXTCKMKSFE   KEYSTORE(MYLIB/MYKEYSTORE)  RCDLBL('Byllesby')
             STMF('/myKeys/key1.RSAPUB')


This command extracts a public key from key record Byllesby in keystore file MYKEYSTORE in library MYLIB and writes it to stream file /myKeys/key1.RSAPUB. If the stream file does not exist, it is created. If it does exist, the operation fails because the default for STMFOPT is *NONE.
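Because STMFOPT(*ADD) appends each extracted key to the end of an existing stream file, one file can hold several SubjectPublicKeyInfo structures back to back. The following added example (not part of the original command documentation) splits such a file and returns each key's algorithm OID and SHA-256 fingerprint so the keys can be compared against values obtained out of band. It assumes the stream file holds raw DER-encoded structures and was transferred in binary mode; the page does not state the encoding. The sample keys and all function names are constructed for illustration.

```python
import hashlib

# Constructed toy RSA keys (tiny modulus), hand-encoded as DER SubjectPublicKeyInfo.
SAMPLE_A = bytes.fromhex("301b300d06092a864886f70d0101010500030a003007020200c5020103")
SAMPLE_B = bytes.fromhex("301b300d06092a864886f70d0101010500030a003007020200d1020103")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long-form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of data")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets to dotted notation."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def list_keys(data):
    """Split concatenated SubjectPublicKeyInfo entries into (oid, sha256) pairs."""
    keys, pos = [], 0
    while pos < len(data):
        tag, start, end = read_tlv(data, pos)            # outer SEQUENCE
        atag, astart, aend = read_tlv(data, start)       # AlgorithmIdentifier
        otag, ostart, oend = read_tlv(data, astart)      # algorithm OID
        btag, _, bend = read_tlv(data, aend)             # subjectPublicKey BIT STRING
        if (tag, atag, otag, btag) != (0x30, 0x30, 0x06, 0x03) or oend > aend or bend != end:
            raise ValueError(f"offset {pos}: not a SubjectPublicKeyInfo")
        keys.append((decode_oid(data[ostart:oend]), hashlib.sha256(data[pos:end]).hexdigest()))
        pos = end
    return keys
```

To check a real file, pass its bytes to `list_keys`; a `ValueError` means the content is truncated or is not a sequence of SubjectPublicKeyInfo structures.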


Error messages

*ESCAPE Messages

CPF3CF2
Error(s) occurred during running of &1 API.
CPF9872
Program or service program &1 in library &2 ended. Reason code &3.
CPF9D9F
User not authorized to key store file.
CPF9DA0
Error opening key store file.
CPF9DA1
Key record not found.
CPF9DA5
Key store file not found.
CPF9DA6
Key store file is not available.
CPF9DA7
File is corrupt or not a valid key store file.
CPF9DAA
A key requires translation.
CPF9DAB
One or more keys could not be decrypted.
CPF9DB3
Qualified keystore file name is not valid.
CPF9DB6
Record label not valid.
CPF9DB8
Error occured reading record from key store.
CPF9DE7
Key type not valid.
CPFA097
Object not copied. Object is &1.