In HCR77D2 (V2R5), we shipped a sample CSFMKVPR which does exactly what you are asking for.
Notes:
1. Please make sure to keep a backup of the KDS before the operation for safe keeping.
2. The sample works on sequential files (IDCAMS REPRO of the CKDS or PKDS) to avoid manipulating a VSAM file directly.
3. The sample will refuse to remove an MKVP if there are any tokens that depend on that master key present. We will list the key labels which prevent the operation in the job output.
------------------------------
Eric Rossman
------------------------------
Original Message:
Sent: Tue July 05, 2022 05:01 AM
From: Fernando Pedro Neves
Subject: Clear current master key
Hi,
I have AES and DES master keys defined along with a CKDS with operational keys.
Now i don't need DES master key anymore.
How can i clear DES master key ?
Do I have to start with a fresh CKDS and activate AES master key again ?
What about the existing operational keys AES encrypted currently in the CKDS ?
obs. i also use a TKE.
Thank you your help.
Fernando
------------------------------
Fernando Pedro Neves
------------------------------