Use the following procedure to replace an existing Master Key with a new Master Key. 

Verify the following  

  1. On the Main Menu, choose Option 1 to open the Key Policy and Security Menu.
  2. Choose option 2 (or use the command CRYPTO/DSPKEYPCY) to display your Key Policy. Review the values for ‘MEK number of passphrase parts’ and ‘MEK each part by unique user.’
  3. Under the Key Policy and Security Menu (option 1 on the Main Menu), choose option 10 (or use the command CRYPTO/WRKKEYOFR) to display the Work with Key Officers panel. Identify the Key Officers who can enter the passphrase parts and maintain key stores.
  4. Return to the Main Menu and choose option 3 to display the Symmetric Encryption Key Menu. Choose option 2 (or use the command CRYPTO/ DSPKEYSTR) to open the Display Key Store Attributes panel. Check that the MEK version of your Key Store(s) is *CURRENT before proceeding.

 Set the new Master Key

  1. Perform the following steps to load the Master Encryption Key:  
    1. From the Main Menu, choose Option 2 to open the Master Key Menu, then choose option 1 to load the Master Encryption Key (or prompt (F4) command CRYPTO/LODMSTKEY).
    2. Fill in the MEK id number, MEK passphrase part (if your key policy requires more than one passphrase part, this will be 1, 2, etc.) and the Passphrase. Passphrases are case sensitive.
    3. Press Enter.
    4. Repeat until all Passphrase parts have been entered.
  2. Set the Master Key:
    1. Under the Master Key Menu (option 2 on the Main Menu), choose option 2 (or prompt (F4) command CRYPTO/SETMSTKEY) to set the Master Encryption Key.
    2. Enter the MEK id number and press Enter.
  3. Under the Symmetric Key Menu (option 3 on the Main Menu), choose option 2 (or use the command CRYPTO/ DSPKEYSTR) to check that the MEK version of your Key Store(s) is now *OLD.
  4. Translate (re-encrypt) the Key Stores:
    1. Under the Symmetric Key Menu (option 3 on the Main Menu), choose option 3 (or prompt the command CRYPTO/TRNKEYSTR) to translate the key stores.
    2. Enter the Key Store name/library and the MEK id number and press Enter.
    3. If you have multiple key stores, repeat this process for each one.
  5. After translating the key stores, Under the Symmetric Key Menu (option 3 on the Main Menu), choose option 2 (or use the command CRYPTO/ DSPKEYSTR) to display the Key Store Attributes. The MEK version should now show *CURRENT.

 Powertech Encryption now uses your new Master Key.

 For further details on setting a new Master Key, please refer to the Symmetric Key Management in the Powertech Encryption User Guide.