IBM Crypto Education Community

Join the IBM Crypto Education community to explore and understand IBM cryptography technology. This community is operated and maintained by the IBM Crypto Development team.

  • 1.  Copy existing RSA priv key to a new token name.

    Posted Tue March 29, 2022 03:30 PM

    I have created a new RSA pub/priv key pair and of course have the appropriate token name.

    I would like to copy that RSA priv key in the PKCS into a new token name, preserving the existing token name and key. I have no need to get the priv key out of ICSF.

    Would an IDCAMS REPRO of that key to a new name work? (under same master key)

    Would a PKA Public Key Extract do what I want? I'm not 100% sure, but it does not look like it creates a new token name for the priv key, only for the pub key.

    Or would I be able to do this with the PKA Key Translate call?

    I've reviewed the ICSF Admin manual and have not been able to find anything that suggests it will do what I want.

    Nor have I found anything in the TKE manual either.

    Maybe I didn't look closely enough to find what I needed?

    The RSA priv key is only used for signatures, if that helps.

    Thanks,
    Mark

    ------------------------------
    Mark Vollmer
    ------------------------------


  • 2.  RE: Copy existing RSA priv key to a new token name.

    Posted Tue March 29, 2022 03:56 PM
    It sounds as if you simply want a copy of an existing key in the PKDS. If that is the case, you can accomplish this with the following services:
    PKDS Key Record Read2 (CSNDKRR2 and CSNFKRR2)
    PKDS Key Record Create (CSNDKRC and CSNFKRC)
    PKDS Key Record Write (CSNDKRW and CSNFKRW)

    These are documented in the ICSF Application Programmers Guide. You read the current key and then create the new one under a new label. PKDS Key Record Write is in case you need to overwrite the new label for some reason.

    Let me know if I misunderstood.

    ------------------------------
    Roan Dawkins
    ------------------------------



  • 3.  RE: Copy existing RSA priv key to a new token name.

    Posted Tue March 29, 2022 03:59 PM
    Roan,

    Thanks.  I did not see your reply before adding my own.  I appreciate the help very much.  I will look to see if I can go this route.

    Thanks,
    Mark

    ------------------------------
    Mark Vollmer
    ------------------------------



  • 4.  RE: Copy existing RSA priv key to a new token name.

    Posted Tue March 29, 2022 03:57 PM
    I am also finding in Chapter 13 of the pgmr gde, PKDS Key Record Read/Write calls.

    Would it be just as simple to read the key and write to the new key, passing the data from the first call to the second call?

    Thanks,
    Mark

    ------------------------------
    Mark Vollmer
    ------------------------------