Extract Keystore File Entry (EXTCKMKSFE)
The Extract Keystore File Entry (EXTCKMKSFE) command extracts an
X.509 SubjectPublicKeyInfo public key from a keystore file entry
containing a public or private PKA key.
For more information on keystore, refer to the Cryptographic
Services Keystore article in the Cryptographic Services section of
the APIs topic collection in the Programming category in the i5/OS
Information Center at http://www.ibm.com/systems/i/infocenter/.
Restrictions:
- You must have object operational (*OBJOPR) and read (*READ)
authorities to the keystore file.
- You must have execute (*X) authority to the directories in the
path name prefix of the stream file.
- You must have write (*W) authority to the stream file if it
already exists.
- You must have write and execute (*WX) authority to the stream
file's parent directory if the stream file does not already
exist.
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| KEYSTORE | Keystore file | Qualified object name | Required, Positional 1 |
| | Qualifier 1: Keystore file | Name | |
| | Qualifier 2: Library | Name, *LIBL, *CURLIB | |
| RCDLBL | Record label | Character value | Required, Positional 2 |
| STMF | Stream file | Path name | Required, Positional 3 |
| STMFOPT | Stream file option | *NONE, *ADD, *REPLACE | Optional |
| AUT | Authority | *DFT, *INDIR, *FILE, *INDIRFILE | Optional |
Keystore file (KEYSTORE)
Specifies the keystore file to use.
This is a required parameter.
Qualifier 1: Keystore file
- name: Specify the name of the keystore file.
Qualifier 2: Library
- *LIBL: All libraries in the library list for the current thread are searched until the first match is found.
- *CURLIB: The current library for the thread is searched. If no library is specified as the current library for the thread, the QGPL library is searched.
- name: Specify the name of the library to search for the file.
Record label (RCDLBL)
Specifies the label of a key record in the specified keystore
file.
This is a required parameter.
- character-value: Specify the key record label. The label can be up to 32 characters and contain any alphanumeric characters.
Stream file (STMF)
Specifies the path name for the stream file that will contain
the key.
All directories in the path name must exist. New directories are
not created. If the stream file does not exist, it is created.
This is a required parameter.
- path-name: Specify the stream file path name.
Stream file option (STMFOPT)
Specifies whether the operation replaces, adds, or fails to copy
the key into the stream file if a stream file with the specified
name already exists. If the stream file does not exist, it is
created.
- *NONE: If the stream file exists, the key is not copied and the command fails.
- *ADD: The key is added to the end of the existing stream file.
- *REPLACE: The key replaces the contents of the existing stream file.
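Because STMFOPT(*ADD) appends each extracted key to the end of the stream file, a file that has been written to more than once holds several SubjectPublicKeyInfo structures back to back. The following Python is an added example, not part of this command reference or of i5/OS: it walks a stream file byte string, parses each DER-encoded SubjectPublicKeyInfo (the DER binary encoding, rather than PEM, is an assumption), and reports the algorithm and RSA modulus size of every record; the sample bytes are constructed in the script and are not a real key.

```python
# Added example, not from the EXTCKMKSFE reference. Assumes the stream file holds DER
# SubjectPublicKeyInfo records written back to back, which STMFOPT(*ADD) produces.
RSA_OID = bytes.fromhex("2a864886f70d010101")  # id-rsaEncryption 1.2.840.113549.1.1.1

def tlv(tag, body):  # DER element; length in short form below 128, long form otherwise
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def read_tlv(buf, pos):  # return (tag, value, position after the element)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the byte count of the real length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_spki(buf, pos=0):  # parse one SubjectPublicKeyInfo; return (info, end position)
    tag, spki, end = read_tlv(buf, pos)
    tag_alg, algid, p = read_tlv(spki, 0)
    tag_oid, oid, _ = read_tlv(algid, 0)
    tag_bits, bitstr, _ = read_tlv(spki, p)
    if (tag, tag_alg, tag_oid, tag_bits) != (0x30, 0x30, 0x06, 0x03) or bitstr[0] != 0:
        raise ValueError("not a SubjectPublicKeyInfo structure")
    info = {"algorithm": "rsaEncryption" if oid == RSA_OID else "oid:" + oid.hex()}
    if oid == RSA_OID:  # subjectPublicKey wraps RSAPublicKey ::= SEQUENCE { n, e }
        _, rsakey, _ = read_tlv(bitstr, 1)
        _, n, q = read_tlv(rsakey, 0)
        _, e, _ = read_tlv(rsakey, q)
        info["modulus_bits"] = int.from_bytes(n, "big").bit_length()
        info["exponent"] = int.from_bytes(e, "big")
    return info, end

def parse_stream_file(data):  # walk every concatenated record in the file bytes
    keys, pos = [], 0
    while pos < len(data):
        info, pos = parse_spki(data, pos)
        keys.append(info)
    return keys

def build_rsa_spki(n, e):  # encode a SubjectPublicKeyInfo for a constructed RSA key
    def integer(v):  # DER INTEGER with a leading 0x00 when the top bit is set
        return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))
    algid = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    return tlv(0x30, algid + tlv(0x03, b"\x00" + tlv(0x30, integer(n) + integer(e))))

# Constructed stand-in for /myKeys/key1.RSAPUB after two runs with STMFOPT(*ADD).
SAMPLE_STMF = build_rsa_spki((1 << 1023) | 12345, 65537) + build_rsa_spki((1 << 2047) | 9, 65537)
```

To check a real extraction, read the stream file in binary mode and pass its bytes to parse_stream_file; a ValueError indicates a truncated or non-SubjectPublicKeyInfo file.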
Authority (AUT)
Specifies the method used to assign authority information to the
stream file.
This parameter is ignored if the stream file already exists.
- *DFT: The owner of the stream file will be granted *RWX data authority to the stream file. The primary group and *PUBLIC will have *NONE data authority to the stream file. Object authorities will be based on the object authorities for the directory where the stream file is to be created. The auditing value of the database file will be copied to the stream file.
- *INDIR: The authority information for the stream file is based on the authority for the directory where the stream file is to be created. The stream file is assigned the same public authority, private authorities, primary group, primary group authority, and authorization list as the directory in which it is created. The auditing value assigned to the stream file is controlled by the directory's create object auditing value. If the target file system does not support the *INDIR special value, the command will fail.
- *FILE: The authority information for the stream file is based on the authority for the object specified on the From file member or save file (FROMMBR) parameter. The stream file is assigned the same public authority, private authorities, primary group, primary group authority, authorization list, and auditing value as the member or save file being copied. If the target file system does not support one or more of these values, the unsupported values will be ignored.
- *INDIRFILE: The authority information for copied objects is initially based on the authority for the directory where the objects are to be created. Then, authority information from the object specified on the FROMMBR parameter will be copied to the target object. The stream file is assigned the same public authority, private authorities, primary group, primary group authority, authorization list, and auditing value as the member or save file being copied, as well as any additional private authorities obtained from the directory. The resulting authority information will be similar to that produced by copying and pasting objects using the System i Navigator. If the target file system does not support the *INDIRFILE special value, the command will fail.
EXTCKMKSFE KEYSTORE(MYLIB/MYKEYSTORE) RCDLBL('Byllesby')
STMF('/myKeys/key1.RSAPUB')
This command extracts a public key from key record Byllesby in
keystore file MYKEYSTORE in library MYLIB and writes it to stream
file /myKeys/key1.RSAPUB. If the stream file does not exist, it is
created. If it does exist, the operation fails because the default
for STMFOPT is *NONE.
*ESCAPE Messages
- CPF3CF2: Error(s) occurred during running of &1 API.
- CPF9872: Program or service program &1 in library &2 ended. Reason code &3.
- CPF9D9F: User not authorized to key store file.
- CPF9DA0: Error opening key store file.
- CPF9DA1: Key record not found.
- CPF9DA5: Key store file not found.
- CPF9DA6: Key store file is not available.
- CPF9DA7: File is corrupt or not a valid key store file.
- CPF9DAA: A key requires translation.
- CPF9DAB: One or more keys could not be decrypted.
- CPF9DB3: Qualified keystore file name is not valid.
- CPF9DB6: Record label not valid.
- CPF9DB8: Error occurred reading record from key store.
- CPF9DE7: Key type not valid.
- CPFA097: Object not copied. Object is &1.