Clear Master Encryption Key (CLRMSTKEY)

WARNING: DO NOT clear an *OLD version of a MEK if there are Key Stores still encrypted with this *OLD version. You should first use the TRNKEYSTR command to translate (re-encrypt) the DEKs in the Key Stores which are still encrypted under the *OLD version of the MEK.

The CLRMSTKEY command allows authorized users to clear the *NEW or *OLD version of a Master Encryption Key (MEK).

Before the version of the MEK is cleared, the CRVL001 validation list (*VLDL) object that contains the encrypted Master Encryption Keys is backed up into a Save File object (sequentially named).

The following users can use the CLRMSTKEY command:

QSECOFR user profile (unless excluded in the Key Officer settings)
A user profile with *SECADM authority (unless excluded in the Key Officer settings)
A Key Officer that has a *YES specified for the “Set and clear MEKs” authority setting

How to Get There

From the Master Encryption Key Menu, choose option 4, Clear Master Encryption Key. Or, prompt (F4) the command CRYPTO/CLRMSTKEY.

Field Descriptions

MEK id number

Indicate the id number of the Master Encryption Key (MEK) to clear.

Version

Specify either the *OLD or *NEW version to clear.

Copyright © Fortra, LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.
4.0 | 202307100156 | July 2023