Tweet
I've been reviewing the IBM documentation for keystore files and master key management, and it explains how to set master keys, but not how programs will access and use master keys. For instance, I'll want to retrieve RSA keys from a keystore file for a Qc3CalculateSignature() call, so I'll put the keystore file name in a KEYD0400 format, but I don't understand how the function will know the master key in order to access the keystore file. Has anyone used these before? Thanks!
-
-
When you create your keystore file, you must specify the master key number that you want to use to encode the keys held within that file.
Then when you want to use the keys in a crypto API like Qc3CalculateSignature, you specify the Record Label for the key you want to use. The system will transparently handle the decryption of the key value from the keystore and use it for the operation, so you don't have to obtain any raw key value within your application.
Comment