Loading and Managing Master Keys on z/OS Hands-on Lab

Master keys can be an intimidating topic. Auditors want keys changed on a routine basis, but no one wants to make a change that might 'break' crypto functionality ... and master keys are a key (pun intended) component of cryptography. Fortunately, ICSF and z/OS provide a robust means for creating, changing and managing the master keys that are so critical.

If you are tasked with managing the crypto environment, coordinating the work of key officers or responding to auditors questions about keys you will be interested in this hands-on lab. In this lab, you will use the Passphrase Initialization (PPINIT) utility to initialize the crypto environment, and then see why PPINIT is a great way to get started, but is not the best way to run your production environment. Next, you will work through the process of generating key parts, calculating checksums and loading those keys into the hardware. You'll see how to use the verification patterns and hash patterns provided by ICSF to coordinate master keys across production, test and development systems as well as making sure the correct keys are available at your disaster recovery (DR) site. Working through the procedures in this lab will provide a level of comfort for exercising the process in your shop and give you insights into the procedures that should be documented for your key officers.

Attendees should be familiar with ISPF to navigate the panels available with ICSF.

Tracks: Enterprise Data Center Management and Security and Compliance