IBM Crypto Education Community

  • 1.  How Can I see key?

    Posted Mon August 19, 2024 08:55 AM

    Hi Every one 

    I generate my key with this code (KGUP Utility):

    //TDESKEY  JOB CLASS=A,REGION=0M,NOTIFY=&SYSUID      
    //KGUP   EXEC PGM=CSFKGUP,PARM=('SSM')               
    //CSFCKDS  DD DSN=CSF.CSFCKDS,                       
    //            DISP=OLD                               
    //CSFDIAG  DD SYSOUT=*,                              
    //            DCB=(RECFM=FBA,LRECL=133,BLKSIZE=13300)
    //CSFKEYS  DD DISP=SHR,DSN=IBM.TEST.CSFKEYS      
    //CSFSTMNT DD DISP=SHR,DSN=IBM.TEST.CSFSTMNT     
    //CSFIN    DD *                                      
    ADD TYPE(DATA) LENGTH(24) ALGORITHM(DES),            
     LAB(TST1)  

    I believe I've created a TDES key, but when I use the csnbkrr utility and provide my label, I receive an unreadable token with unknown phrases, some of which aren't visible in ISPF. Is there a way to view the key generated by this JCL job? Alternatively, can I generate a TDES key of length 24 using my specified words?



    ------------------------------
    Morteza Moradi
    ------------------------------


  • 2.  RE: How Can I see key?

    Posted Mon August 19, 2024 08:57 AM

    With the control card you specified, you created an encrypted key. You cannot see the clear key material for any key created in this way.

    KGUP can be complicated, so it would help for you to explain what you want to accomplish and then we can provide guidance on how to make it work the way you want.



    ------------------------------
    Eric Rossman
    ------------------------------

    Original Message


  • 3.  RE: How Can I see key?

    Posted Tue August 20, 2024 09:40 AM

    Eric is absolutely correct that because you created a secure key (it is encrypted by your master key), you can't see the actual value of the key.  If you are running a current version of ICSF, then you can use the CKDS Keys Utility (See Option 5 on the ICSF Main Menu) to see the Key Attributes and/or the Metadata associated with the key.  That should confirm that the key is in fact a 24-byte TDES key.  The key attributes include a Key Check Value (KCV) that 'represents' the actual key value.  (It is a hash of the clear key value.)

    Greg

    IBM Technology Expert Labs



    ------------------------------
    Gregory Boyd
    ------------------------------

    Original Message