Converting to AES256 and changing the Master Password

Document ID : KB000016569
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

Converting to AES256 and changing the Master Password for the MSCA.

Question:

We are running Top Secret r16 on z/OS 2.2. We are running with encryption AES128. and using CPF to propagate passwords We want to convert our Top Secret database to AES256 and update the master password at the same time. This is a process we will need to run on over 40 systems. For just the AES256 conversion, I have reviewed knowledge base article 1678562 but want to find out if there is a process which would include updating the master password? If not, please let me know where I can find the steps or process. Since converting all of these systems will take a couple of months to complete will CPF continue to work without any issues?

Answer:

We currently dont have any tech doc the encompasses both activating AES256 encryption AND changing the MSCA password at the same time.

You have two places where you can change the MSCA password.
1. When running TSSMAINT to format a new security file.
2. Using an SCA to change the MSCA passoword.

If you are formatting a new security file to allow AES256 encryption, you can change the password when running TSSMAINT job to format the file.

If you already have AES256 support for your security file, you can use an SCA to change the MSCA password. This can be done at any time.