Display Master Key Attributes (DSPMSTKEY)
The DSPMSTKEY command allows authorized users to display the attributes for a Master Key.
For a *NEW master key, the attributes displayed will be the total passphrase parts specified for a Master Key, along with the user profiles (and timestamps) that specified those parts.
For a *CURRENT or *OLD Master Key, the attributes displayed will be the Key verification value, along with the user profile (and timestamp) which Set the Master Key with the SETMSTKEY command.
How to Get There
From the Master Encryption Key Menu, choose option 3, Display Master Key Attributes. Or, prompt (F4) the command of CRYPTO/DSPMSTKEY.
A Key verification value (KEYVV) is generated by Powertech Encryption for IBM i for each Master Key. The KEYVV is a different value (and has a different purpose) than the actual value of the Master Key. The Master Key’s KEYVV value will be stored with each Key Store created using that Master Key.
When a Key Store is accessed by a user or application, Powertech Encryption for IBM i will compare the KEYVV values between the Key Store and its corresponding Master Key. If the KEYVV values match, then the Master Key is determined as valid for the Key Store.
Example of a *NEW Master Key:
|
Display Master Key Attributes (DSPMSTKEY)
Type choices, press Enter. MEK id number . . . . . . . . . 5 Version . . . . . . . . . . . . *NEW Total parts required . . . . . . 3 Total parts specified . . . . . 2 Part 1 user . . . . . . . . . . MARY Part 1 date/time . . . . . . . . '2009-06-21-01.13.53.760000' Part 2 user . . . . . . . . . . Part 2 date/time . . . . . . . . Part 3 user . . . . . . . . . . QSECOFR Part 3 date/time . . . . . . . . '2009-06-24-20.25.36.968000' |
Example of a *CURRENT Master Key:
|
Display Master Key Attributes (DSPMSTKEY) Type choices, press Enter. MEK id number . . . . . . . . . 5 Version . . . . . . . . . . . . *CURRENT Key verification value . . . . . 92205F1E356E93D144132E172D4F08DC49EC8E39 Last modified by user . . . . . QSECOFR Last modified date/time . . . . '2009-10-15-15.09.38.257000' |