I understand your confusion. We switched to the new panel in 2010 with HCR7780.
Option 2 is meant for refreshing to a PKDS when the current master keys on the
cards match. Option 5 is meant for refreshing to a PKDS when the new MKs on the
cards match the PKDS.
Eric Rossman
---------------------------------
ICSF Security Architect
z/OS Security
---------------------------------
-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of
Frank Swarbrick
Sent: Friday, May 23, 2025 2:18 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] ICSF - PKDS Operations
We are migrating to a new mainframe management provider with a new mainframe,
so we need to load the DES and RSA master keys on to the cryptographic
co-processor. Our instructions are based on a prior version of z/OS, so some
things have changed. We're now on z/OS 2.5. For the most part I've been able
to determine which new functions map to the documented ones, but I'm unclear on
which of the new options maps to old option "REFRESH PKDS". These are the ones
I am seeing now:
---------------------------- ICSF - PKDS Operations ------
COMMAND ===>
Enter the number of the desired option.
1 Initialize an empty PKDS and activate master keys
KDSR format? (Y/N) ===> Y
2 Refresh - Activate a PKDS
3 Update an existing PKDS
4 Update an existing PKDS and activate master keys
5 Refresh and activate master keys
Enter the name of the PKDS below.
PKDS ===>
Press ENTER to execute your option.
Press END to exit to the previous menu.
Thanks,
Frank
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
