Create Device Desc (Crypto) (CRTDEVCRP)
The Create Device Description (Crypto) (CRTDEVCRP) command creates a device description for a cryptographic device.
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| DEVD | Device description | Name | Required, Key, Positional 1 |
| RSRCNAME | Resource name | Name, *NONE | Required, Key, Positional 2 |
| APPTYPE | Application type | *CCA, *CCAUDX, *NONE | Optional |
| ONLINE | Online at IPL | *NO, *YES | Optional |
| MSGQ | Message queue | Single values: *SYSVAL, *SYSOPR; Other values: Qualified object name | Optional |
| | Qualifier 1: Message queue | Name | |
| | Qualifier 2: Library | Name, *LIBL, *CURLIB | |
| PKAKEYFILE | PKA key store file | Single values: *NONE; Other values: Qualified object name | Optional |
| | Qualifier 1: PKA key store file | Name | |
| | Qualifier 2: Library | Name, *LIBL, *CURLIB | |
| DESKEYFILE | DES key store file | Single values: *NONE; Other values: Qualified object name | Optional |
| | Qualifier 1: DES key store file | Name | |
| | Qualifier 2: Library | Name, *LIBL, *CURLIB | |
| TEXT | Text 'description' | Character value, *BLANK | Optional |
| AUT | Authority | Name, *CHANGE, *ALL, *USE, *EXCLUDE, *LIBCRTAUT | Optional |
Device description (DEVD)
Specifies the name of the device description being created.
Resource name (RSRCNAME)
Specifies the resource name that identifies the hardware that the description represents.
- *NONE
  No resource name is specified. A resource name must be provided before the device can be varied on.
- resource-name
  Specify the name that identifies the crypto device hardware on the system.
  Note: Use the Work with Hardware Resources (WRKHDWRSC) command with TYPE(*CRP) specified to determine the resource name.
Application type (APPTYPE)
Specifies the application that runs inside of the secure computing environment on the cryptographic device.
- *CCA
  The flash memory in the cryptographic device is initialized with the Common Cryptographic Architecture (CCA) application.
  Note: This value is valid only for 4758 and 4764 device types.
- *CCAUDX
  The flash memory in the cryptographic device is initialized only if the system does not detect the CCA application or a CCA User Defined Extension (UDX) application within the flash memory of the device.
  Note: This value is valid only for 4758 and 4764 device types.
- *NONE
  The cryptographic device does not support flash memory applications.
  Note: This value is valid only for 2058 device type.
Online at IPL (ONLINE)
Specifies whether this object is automatically varied on at initial program load (IPL).
- *NO
  This device is not varied on automatically at IPL.
- *YES
  This device is varied on automatically at IPL.
Message queue (MSGQ)
Specifies the qualified name of the message queue to which messages are sent.
The possible qualified names are:
- *SYSVAL
  The messages are sent to the message queue specified by the system value.
- *SYSOPR
  Messages are sent to the QSYSOPR message queue in QSYS.
- message-queue-name
  Specify the name of the message queue to which operational messages are sent.
- *LIBL
  All libraries in the job's library list are searched until the first match is found.
- *CURLIB
  The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.
- library-name
  Specify the name of the library to be searched.
PKA key store file (PKAKEYFILE)
Specifies the name of the database file containing the PKA (Public Key Algorithm) keys.
Single values
- *NONE
  No default PKA key database is used.
Other values
- PKA-key-store-file-name
  Specifies the name of the default PKA key database.
The possible library values are:
- *LIBL
  All libraries in the library list for the current thread are searched until the first match is found.
- *CURLIB
  The current library for the thread is searched. If no library is specified as the current library for the thread, the QGPL library is searched.
- library-name
  Specify the library where the object is located.
DES key store file (DESKEYFILE)
Specifies the name of the database file containing the DES (Data Encryption Standard) keys used for this device.
Single values
- *NONE
  No default DES key database is used.
Other values
- DES-key-store-file-name
  Specifies the name of the default DES key database.
The possible library values are:
- *LIBL
  All libraries in the library list for the current thread are searched until the first match is found.
- *CURLIB
  The current library for the thread is searched. If no library is specified as the current library for the thread, the QGPL library is searched.
- library-name
  Specify the library where the object is located.
Text 'description' (TEXT)
Specifies the text that briefly describes the object.
- *BLANK
  No text is specified.
- character-value
  Specify no more than 50 characters of text, enclosed in apostrophes.
Authority (AUT)
Specifies the authority you are giving to users who do not have specific authority for the object, who are not on an authorization list, and whose group profile or supplemental group profiles do not have specific authority for the object.
- *CHANGE
  The user can perform all operations on the object except those limited to the owner or controlled by object existence (*OBJEXIST) and object management (*OBJMGT) authorities. The user can change and perform basic functions on the object. *CHANGE authority provides object operational (*OBJOPR) authority and all data authority. If the object is an authorization list, the user cannot add, change, or remove users.
- *ALL
  The user can perform all operations except those limited to the owner or controlled by authorization list management (*AUTLMGT) authority. The user can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object. The user also can change ownership of the object.
- *USE
  The user can perform basic operations on the object, such as running a program or reading a file. The user cannot change the object. Use (*USE) authority provides object operational (*OBJOPR), read (*READ), and execute (*EXECUTE) authorities.
- *EXCLUDE
  The user cannot access the object.
- *LIBCRTAUT
  The system determines the authority for the object by using the value specified for the Create authority (CRTAUT) parameter on the Create Library (CRTLIB) command for the library containing the object to be created. If the value specified for the CRTAUT parameter is changed, the new value will not affect any existing objects.
- name
  Specify the name of an authorization list to be used for authority to the object. Users included in the authorization list are granted authority to the object as specified in the list. The authorization list must exist when the object is created.
CRTDEVCRP DEVD(CRP01) RSRCNAME(CRP01)
This command creates a device description for a cryptographic device that is named CRP01. The device type is determined from the resource name.
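A fuller invocation, as an added example that is not part of the original command reference: a CL program that creates the device with public authority excluded and library-qualified key store files, and monitors for the CPF261A escape message listed below. The names KEYLIB, PKAKEYS, DESKEYS and CRYPTOADM are hypothetical; it assumes the key store files already exist and that resource CRP01 is a device type for which APPTYPE(*CCA) is valid.

```cl
/* Added example. KEYLIB, PKAKEYS, DESKEYS and CRYPTOADM are          */
/* hypothetical names; substitute the objects used on your system.    */
PGM

  /* AUT(*EXCLUDE): users with no specific authority cannot access    */
  /* the device description.                                          */
  /* Key store files are library-qualified, so the library list       */
  /* (*LIBL) and current library (*CURLIB) are not searched.          */
  /* ONLINE(*NO): the device is not varied on automatically at IPL.   */
  CRTDEVCRP  DEVD(CRP01) RSRCNAME(CRP01) APPTYPE(*CCA) +
               ONLINE(*NO) MSGQ(*SYSOPR) +
               PKAKEYFILE(KEYLIB/PKAKEYS) +
               DESKEYFILE(KEYLIB/DESKEYS) +
               TEXT('Cryptographic device CRP01') +
               AUT(*EXCLUDE)

  /* CPF261A: Device description &1 not created due to errors.        */
  /* Stop here so the later steps never run against a missing object. */
  MONMSG     MSGID(CPF261A) EXEC(DO)
    SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) +
                 MSGDTA('CRTDEVCRP failed for CRP01, see job log') +
                 MSGTYPE(*ESCAPE)
  ENDDO

  /* Grant *USE to one named profile instead of widening the public   */
  /* authority set by AUT.                                            */
  GRTOBJAUT  OBJ(CRP01) OBJTYPE(*DEVD) USER(CRYPTOADM) AUT(*USE)

  /* Vary the device on explicitly, because ONLINE(*NO) was given.    */
  VRYCFG     CFGOBJ(CRP01) CFGTYPE(*DEV) STATUS(*ON)

ENDPGM
```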
*ESCAPE Messages
- CPF261A
  Device description &1 not created due to errors.