LABLPKDS Keyword—Specify Certificate Label

Keywords › LABLPKDS Keyword—Specify Certificate Label

LABLPKDS Keyword—Specify Certificate Label

Valid on z/OS.

Use the LABLPKDS keyword to specify an optional label associated with the certificate private or public key being stored into the ICSF storage facility. Up to 64 characters can be specified for the label name. The field can be used with the ICSF, PCICC, NISTECC, or BPECC keywords.

This label is used as a descriptive identifier for a certificate ICSF key, and must be unique across the MVS complex.

This keyword has the following format:

TSS ADDTO(acid) LABLPKDS(PKDS—label—name/*)

LABLPKDS(PKDS—label—name/*)

LABLPKDS(PKDS—label—name/*)

(Optional) Specifies the PKDS label of the record created in the ICSF Public Key Data Set (PKDS). The field can be used with the ICSF, PCICC, NISTECC, or BPECC, but many of these keywords cannot be used together (see individual keyword descriptions for details). If neither ICSF or PCICC is specified, a PCICC key is generated by the hardware and saved in CRT format in the ICSF PKDS. If NISTECC or BPECC is specified, an ECC key is generated, otherwise an RSA key is generated.

Specify (*) to take the value from the LABLCERT keyword. In that case, LABLCERT is specified along side LABLPKDS(*). If LABLPKDS(*) is specified without the LABLCERT keyword, an error message is displayed.

In either case, the PKDS label must conform to ICSF label syntax rules. The first character must be alphabetic or national. The field is folded to uppercase.

Valid characters: Alphanumeric, national (@,#,$) or period(.).

Limits: Up to 64 characters

This keyword is used with:

The ACID types User, DCA, VCA, ZCA, LSCA, and SCA
The commands GENCERT, ADDTO, P11TOKEN, and REKEY
ACID(MAINTAIN) for users within their scope, and MISC4(CERTGEN)
MISC4(CERTSITE) for SITE
ACID and MISC4(CERTAUTH) for CERTAUTH ACID.

Examples: LABLPKDS keyword

This example adds a digital certificate to the security file and the private key is stored in the ICSF PKDS data set. The value for the PKDS label is user1.cert0002.

TSS ADD(user1) DIGICERT(cert0001)
               DCDSN(user.certificate.pfx12) pkcspass(password)
               LABLPKDS(user1.cert0001)
               ICSF

This example adds a digital certificate with the private key stored in ICSF. The value for the PKDS label is taken from the LABLCERT keyword. The certificate label will be user.certificate.personel. The PKDS label will be USER.CERTIFICATE.PERSONEL.

TSS ADD(user1) DIGICERT(cert0002)
               DCDSN(user.certificate.pfx12) pkcspass(password)
               LABLPKDS(*)
               ICSF
               LABLCERT(user1.cert0002.personel)

This example generates an ECC certificate with the private key stored in the ICSF PKDS. The value for the PKDS label is USER1.CERT0003.BPECC.

TSS GENCERT(user1) DIGICERT(cert0003)
               LABLPKDS(user1.cert0003.bpecc)
               PCICC
               BPECC

This example generates an ECC certificate with the private key stored in the ICSF PKDS. The value for the PKDS label is USER1.CERT0004.NISTECC.

TSS GENCERT(user1) DIGICERT(cert0004)
               LABLPKDS(user1.cert0004.nistecc)
               NISTECC