IBM Crypto Education Community

Hello ,

To start from scratch with the usage of the PASS TICKET encrypted between 2 Lpars using CCA mode coprocessors it's plan to do the following steps :

0- Loading Master keys (DES,AES,RSA,ECC)
1- Put the CSNBENC module in LPA
2- Protect/give access to the appropriate group users on the following services in the CSFSERV class :
CSFCKI
CSFKRC
CSFKRW
CSFKRD
Does this of only those 4 services to protect is sufficient ?

3- RDEF PTKTDATA MYAPPL SSIGNON(KEYENCRYPTED(1234567812345678)) on both systems (required PTKTDATA profiles)

However , We're in zOS 2.3 version : is there any other steps to add to the above ones 0-3 ?
Is there any CSFKEYS profile to add ?

Thank you .

------------------------------
Nordine
------------------------------

Please review the instructions in the RACF doc: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.icha700/secsign.htm

If you have more questions, please let me know. Thanks.

------------------------------
Bob Petti
------------------------------

Original Message:
Sent: Mon November 23, 2020 02:52 AM
From: Nordine Mosbah
Subject: Pass ticket encrypted

Hello ,

To start from scratch with the usage of the PASS TICKET encrypted between 2 Lpars using CCA mode coprocessors it's plan to do the following steps :

0- Loading Master keys (DES,AES,RSA,ECC)
1- Put the CSNBENC module in LPA
2- Protect/give access to the appropriate group users on the following services in the CSFSERV class :
CSFCKI
CSFKRC
CSFKRW
CSFKRD
Does this of only those 4 services to protect is sufficient ?

3- RDEF PTKTDATA MYAPPL SSIGNON(KEYENCRYPTED(1234567812345678)) on both systems (required PTKTDATA profiles)

However , We're in zOS 2.3 version : is there any other steps to add to the above ones 0-3 ?
Is there any CSFKEYS profile to add ?

Thank you .

------------------------------
Nordine
------------------------------