Create Keystore File (CRTCKMKSF)

Where allowed to run: All environments (*ALL)
Threadsafe: Yes

The Create Keystore File (CRTCKMKSF) command creates a database file that stores cryptographic key values for use with the cryptographic services APIs, CL commands, and graphical interface.

For more information on keystore files, refer to the Cryptographic services key management section of the Security category in the IBM Systems Information Center at http://www.ibm.com/systems/infocenter/.

Restrictions:


Parameters

Keyword   Description                 Choices                                          Notes
KEYSTORE  Keystore file               Qualified object name                            Required, Positional 1
          Qualifier 1: Keystore file  Name
          Qualifier 2: Library        Name, *CURLIB
MSTKEY    Master key                  1-8                                              Required, Positional 2
AUT       Authority                   Name, *LIBCRTAUT, *CHANGE, *ALL, *USE, *EXCLUDE  Optional
TEXT      Text 'description'          Character value, *BLANK                          Optional

Keystore file (KEYSTORE)

Specifies the name and library for the keystore file.

This is a required parameter.

Qualifier 1: Keystore file

name
    Specify the name for the keystore file that will be created.

Qualifier 2: Library

*CURLIB
    The current library for the job is where the file will be created. If no library is specified as the current library for the job, QGPL is used.
name
    Specify the name of the library where the file will be created.

Master key (MSTKEY)

Specifies the ID of the master key under which the key values will be encrypted.

This is a required parameter.

1-8
    There are eight master keys that can be used for encrypting keystore keys.

Authority (AUT)

Specifies the authority you give to users who do not have specific private or group authority to the keystore file.

*LIBCRTAUT
    The public authority for the keystore file is taken from the CRTAUT value for the target library when the file is created.
*CHANGE
    The user has read, add, update, and delete authority for the keystore file and can read the object description.
*ALL
    The user can perform all authorized operations on the keystore file.
*USE
    The user can read the object description and contents, but cannot change the keystore file.
*EXCLUDE
    The user cannot access the keystore file in any way.
name
    The keystore file is secured by the specified authorization list, and its public authority is set to *AUTL.

Text 'description' (TEXT)

Specifies a brief description of the keystore file.

*BLANK
    No text is specified.
character-value
    Specify no more than 50 characters of text, enclosed in single quotation marks.

Examples

   CRTCKMKSF  KEYSTORE(MYLIB/MYKEYS) MSTKEY(5) AUT(*EXCLUDE)
              TEXT('My keys are stored here.')

This command creates a database file named MYKEYS in library MYLIB for storing cryptographic services keys. The key values will be stored in the file encrypted under Master Key 5. Users must be specifically authorized to use this file.


Error messages

*ESCAPE Messages

CPF3CF2
    Error(s) occurred during running of &1 API.
CPF9872
    Program or service program &1 in library &2 ended. Reason code &3.
CPF9D94
    A pending value exists for a master key.
CPF9D9D
    Error occurred while setting attributes on key store file.
CPF9DA0
    Error opening key store file.
CPF9DB3
    Qualified keystore file name is not valid.
CPF9DB5
    Key store file not created.
CPF9DB7
    Error occured writing to the key store file.
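
The following CL program is an added example, not part of the original command reference. It creates a keystore with AUT(*EXCLUDE), monitors for the escape messages listed above, and then gives one named profile specific authority. The names APPLIB, APPKEYS and APPSRV, and the choice of *USE for that profile, are assumptions.

```cl
/* Added example. APPLIB, APPKEYS and APPSRV are hypothetical names.  */
PGM

  /* Create the keystore with no public access; key values are        */
  /* stored encrypted under master key 5.                             */
  CRTCKMKSF  KEYSTORE(APPLIB/APPKEYS) MSTKEY(5) AUT(*EXCLUDE) +
               TEXT('Application data keys')

  /* CPF9D94: a pending value exists for a master key.                */
  MONMSG     MSGID(CPF9D94) EXEC(DO)
    SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) MSGTYPE(*ESCAPE) +
                 MSGDTA('Keystore not created: a master key has +
                 a pending value')
  ENDDO

  /* CPF9DB3: qualified keystore file name is not valid.              */
  /* CPF9DB5: key store file not created.                             */
  MONMSG     MSGID(CPF9DB3 CPF9DB5) EXEC(DO)
    SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) MSGTYPE(*ESCAPE) +
                 MSGDTA('Keystore APPLIB/APPKEYS was not created')
  ENDDO

  /* Any other escape message (CPF3CF2, CPF9872, CPF9D9D, CPF9DA0,    */
  /* CPF9DB7): stop before any authority is granted.                  */
  MONMSG     MSGID(CPF0000) EXEC(DO)
    SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) MSGTYPE(*ESCAPE) +
                 MSGDTA('CRTCKMKSF failed; see the job log')
  ENDDO

  /* Public authority is *EXCLUDE, so each user of the keystore needs */
  /* specific authority. Assumption: APPSRV only reads key records,   */
  /* so *USE is enough.                                               */
  GRTOBJAUT  OBJ(APPLIB/APPKEYS) OBJTYPE(*FILE) USER(APPSRV) AUT(*USE)

  /* Print the resulting authorities for review.                      */
  DSPOBJAUT  OBJ(APPLIB/APPKEYS) OBJTYPE(*FILE) OUTPUT(*PRINT)

ENDPGM
```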