Name key store files

Before you can perform any operation using a key store file or key stored in a key store file, you must name the key store file.

You can name two types of key store files. One type stores Data Encryption Standard (DES) keys and Triple-DES keys. DES and Triple DES are symmetric cryptographic algorithms; the Cryptographic Coprocessor uses the same key to encrypt and decrypt. The other type stores public key algorithm (PKA) keys. Public key algorithms are asymmetric; keys are created in pairs. Cryptographic Coprocessors use one key to encrypt and the other to decrypt. Cryptographic Coprocessors support the RSA public key algorithm.

You can name a key store file explicitly from a program, or you can name it by configuring it on the device description. To name a key store file from a program, use the Key_Store_Designate (CSUKSD) security application programming interface (SAPI). If you name key store files from a program, the Cryptographic Coprocessor uses those names only for the job that ran the program. However, by naming key store files explicitly in your program, you can use key store files that are separate from those of other users. If you name key store files on the device description, you do not have to name them in your program. This may help if you are trying to maintain the same program source across multiple IBM® platforms. It is also useful if you are porting a program from another implementation of the Common Cryptographic Architecture.

You need to store your cryptographic keys in a secure form so that you can use them over time and exchange them with other users and servers, as appropriate. You can store your cryptographic keys by using your own methods, or you can store them in a key store file. You can have as many key store files as you want, and you can create multiple key store files for each type of key. You can place as many cryptographic keys in your key store files as you want.

Since each key store file is a separate server object, you can authorize different users to each file. You can save and restore each key store file at different times. This depends on how often the file's data changes or which data it is protecting.