Change Symmetric Key (CHGSYMKEY)

The CHGSYMKEY command allows authorized users to change the attributes of an existing Data Encryption Key (Symmetric Key).

The following users can use the CHGSYMKEY command:

  • QSECOFR user profile (unless excluded in the Key Officer settings)
  • A user profile with *SECADM authority (unless excluded in the Key Officer settings)
  • A Key Officer who has *YES specified for the “Maintain DEKs” authority setting

The user must have *CHANGE authority to the Validation List (*VLDL) object containing the Key Store.

How to Get There

From the Symmetric Encryption Key Menu, choose option 12.

Options

Key label (KEYLABEL)

Indicate the unique name (label) of the Key.

Key store name (KEYSTR)

Indicate the object name and library of the Key Store which contains the Symmetric Key.

key-store-name Enter the name of the Key Store.
*DEFAULT Use the default Key Store name specified at the Key Policy level.

The possible library values are:

library-name Enter the name of the library where the Key Store is located.

Encryption allowed with key (ENCRYPTALW)

Indicate if this key can be used to encrypt data.

The possible values are:

*YES This key can be used to encrypt data.
*NO This key cannot be used to encrypt data.

Decryption allowed with key (DECRYPTALW)

Indicate if this key can be used to decrypt data.

The possible values are:

*YES This key can be used to decrypt data.
*NO This key cannot be used to decrypt data.

Log encryption usage (LOGENCRYPT)

Indicate if the usage of the Key for encryption purposes will be logged into the audit journal file.

The possible values are:

*YES Usage of the key for encryption will be logged.
*NO Usage of the key for encryption will not be logged.

Log decryption usage (LOGDECRYPT)

Indicate if the usage of the Key for decryption purposes will be logged into the audit journal file.

The possible values are:

*YES Usage of the key for decryption will be logged.
*NO Usage of the key for decryption will not be logged.

Key generation option (GENOPT)

Indicate the option used to generate the Symmetric Key.

The possible values are:

*RANDOM The Key is randomly generated by Powertech Encryption. This is the preferred option.
*REMOTE The key value is stored in an External Key Manager.
*PASS The Key is generated based on a user-entered passphrase, iteration count and salt. Uses the PBKDF2 key derivation function as specified in RFC 2898.
*MANUAL The Key value is manually entered by the user.
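
The *PASS option derives the key from a passphrase, iteration count and salt using PBKDF2 (RFC 2898). The following is an added example, not Powertech code: it implements the RFC 2898 algorithm directly to show how those three inputs determine the key. HMAC-SHA-256 as the PRF, the 32-byte key length and the sample inputs are assumptions, since this page does not state what the product uses.

```python
import hashlib
import hmac
import struct


def pbkdf2(passphrase: bytes, salt: bytes, iterations: int, dk_len: int,
           hash_name: str = "sha256") -> bytes:
    """PBKDF2 per RFC 2898 section 5.2, with HMAC-<hash_name> as the PRF."""
    if iterations < 1 or dk_len < 1:
        raise ValueError("iterations and dk_len must be positive")
    h_len = hashlib.new(hash_name).digest_size
    block_count = -(-dk_len // h_len)  # ceil(dk_len / h_len)
    derived = b""
    for i in range(1, block_count + 1):
        # U_1 = PRF(P, S || INT(i)), INT(i) is a 4-byte big-endian counter
        u = hmac.new(passphrase, salt + struct.pack(">I", i), hash_name).digest()
        t = int.from_bytes(u, "big")
        # U_j = PRF(P, U_{j-1}); the block T_i is the XOR of U_1..U_c
        for _ in range(iterations - 1):
            u = hmac.new(passphrase, u, hash_name).digest()
            t ^= int.from_bytes(u, "big")
        derived += t.to_bytes(h_len, "big")
    return derived[:dk_len]


def demo() -> dict:
    """Show which inputs fix the derived key (all inputs are constructed)."""
    passphrase = b"correct horse battery staple"            # constructed sample
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample
    iterations = 10_000                                       # assumed count
    key = pbkdf2(passphrase, salt, iterations, 32)
    return {
        # Same three inputs always regenerate the same key
        "reproducible": key == pbkdf2(passphrase, salt, iterations, 32),
        # Changing only the salt or only the count yields an unrelated key
        "salt_changes_key": key != pbkdf2(passphrase, salt[::-1], iterations, 32),
        "count_changes_key": key != pbkdf2(passphrase, salt, iterations + 1, 32),
        "key_bytes": len(key),
    }


if __name__ == "__main__":
    print(demo())
```

Because the key is fully reproducible from the passphrase, salt and iteration count, those three values need the same protection as the key itself.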

External key manager (EXTKEYMGR)

Valid for GENOPT(*REMOTE). Indicate the name of the External Key Manager that contains the remote key. The properties for the External Key Manager must be predefined using the WRKEKM command.

External key label (EXTKEYLBL)

Valid for GENOPT(*REMOTE). Indicate the label (or name) of the remote key in the External Key Manager. The key label is case sensitive.

External key store name (EXTKEYSTR)

Valid for GENOPT(*REMOTE).

If the remote key is in the product, then specify the name of the remote key store that contains the key.

ext-key-store-name Specify the name of the Key Store.
*DEFAULT Use the default Key Store name specified at the Key Policy level on the remote server.

The possible library values are:

library-name Specify the name of the library where the Key Store is located.