Create Key Store (CRTKEYSTR)

The Create Key Store (CRTKEYSTR) command allows authorized users to create a Key Store for containing Symmetric Keys.

Screen Example:  CRTKEYSTR Command with Sample Values

The following users can utilize this command:

  • QSECOFR user profile (unless excluded in the Key Officer settings)
  • A user profile with *SECADM authority (unless excluded in the Key Officer settings)
  • A Key Officer who has *YES specified for the "Maintain key stores" authority setting.
  • When Set the key store as the default (SETDFT) is *YES, a Key Officer who has *YES specified for the "Maintain key policy" authority setting.

The Key Store is created as a Validation List (*VLDL) object on the System i.

This command requires authority to IBM's CRTVLDL (Create Validation List) command.

This command requires authority to IBM's CRTLIB (Create Library) command when the Create library (CRTLIB) parameter is set to *YES.

How to Get There

From the Symmetric Encryption Key Menu, choose option 1.

Options

Key store name (KEYSTR)

Indicate the name and library of the Key Store, which is created as a Validation List (*VLDL) object on the System i.

Create library (CRTLIB)

Indicate whether to create the key store library if it does not exist.

The possible values are:

*YES
Create the library if it does not exist. If the library already exists, then ignore the parameter.
*NO
This is the Default. Do not attempt to create the library if it does not exist.

MEK id number (MEKID)

Indicate the ID number of the Master Encryption Key (MEK) that will be used to encrypt any Symmetric Keys that are added to (created in) the Key Store.

The possible values are:

mek-id-number
Indicate a number from 1-8. A *CURRENT version of the MEK must exist.

Description (TEXT)

Indicate the description for the Key Store object.

Public authority (AUT)

Indicate the public authority for the Key Store *VLDL object.

TIP: Specify *EXCLUDE to not allow the public to use the Key Store. Individual users or user groups can then be added later with the EDTOBJAUT command for the Key Store *VLDL object.

The possible values are:

*EXCLUDE
Grants *PUBLIC *EXCLUDE authority for the Key Store *VLDL object.
*USE
Grants *PUBLIC *USE authority for the Key Store *VLDL object.
*CHANGE
Grants *PUBLIC *CHANGE authority for the Key Store *VLDL object.
*ALL
Grants *PUBLIC *ALL authority for the Key Store *VLDL object.

Set the key store as the default (SETDFT)

Indicate whether to set the new key store as the default key store in the key policy.

The possible values are:

*YES
Set the new key store as the default in the key policy.
*NO
This is the Default. Do not set the new key store as the default key store in the key policy.
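
The following sequence applies the tip under Public authority (AUT). It is an added example, not taken from the product documentation: the library KEYLIB, key store KSAPP1 and group profile APPGRP are placeholder names, and the *USE authority granted to the group is an assumption chosen for illustration. IBM's GRTOBJAUT command is used here as the non-interactive counterpart to EDTOBJAUT.

```cl
/* Create the key store with *PUBLIC excluded.                        */
/* KEYLIB and KSAPP1 are placeholder names.                           */
/* MEKID(1) requires that a *CURRENT version of MEK 1 already exists. */
/* CRTLIB(*YES) requires authority to IBM's CRTLIB command.           */
CRTKEYSTR KEYSTR(KEYLIB/KSAPP1) CRTLIB(*YES) MEKID(1) +
          TEXT('Application key store') AUT(*EXCLUDE) SETDFT(*NO)

/* Grant access to one group profile only.                            */
/* APPGRP is a placeholder; *USE is an assumed authority level.       */
GRTOBJAUT OBJ(KEYLIB/KSAPP1) OBJTYPE(*VLDL) USER(APPGRP) AUT(*USE)

/* Review the resulting authorities: *PUBLIC should show *EXCLUDE     */
/* and APPGRP should be the only added entry.                         */
DSPOBJAUT OBJ(KEYLIB/KSAPP1) OBJTYPE(*VLDL)
```

Because SETDFT(*NO) is used, the "Maintain key policy" authority setting is not needed to run this example.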