Translate Key Store (TRNKEYSTR)

The Translate Key Store (TRNKEYSTR) command allows authorized users to translate (re-encrypt) the Symmetric Keys within a Key Store to the *CURRENT version of a Master Encryption Key (MEK).

Notes

TRNKEYSTR can be executed while users and applications are active on the system.
TRNKEYSTR will not modify any existing data contained within your database files.
Existing data will not need to be re-encrypted after a TRNKEYSTR is performed.
After executing the TRNKEYSTR command, you should verify that the Key verification values (KEYVV) match between the Key Store and the Master Key by viewing those values with the DSPKEYSTR and DSPMSTKEY commands.

The following users can use this command:

QSECOFR user profile (unless excluded in the Key Officer settings)
A user profile with *SECADM authority (unless excluded in the Key Officer settings)
A Key Officer whom has a *YES specified for the "Maintain key stores" authority setting.

The user must have *CHANGE authority to the Key Store Validation List (*VLDL) object and *USE authority to the library that contains the Key Store.

How to Get There

From the Symmetric Encryption Key Menu, choose option 3.

Options

Key store name (KEYSTR)

Indicate the Key Store name and Library to translate.

key-store-name Enter the name of the Key Store.

*DEFAULT Use the default Key Store name specified at the Key Policy level.

The possible library values are:

library-name Enter the name of the library where the Key Store is located.

To MEK id number (TOMEKID)

Indicate the id number of the Master Encryption Key (MEK) which will be used to translate (re-encrypt) any entries contained in the Key Store. The *CURRENT version of the specified MEK must exist.

The possible values are:

mek-id-number Indicate a number from 1-8.

Copyright © Fortra, LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.
4.0 | 202307100156 | July 2023