CREATE.KEY
The CREATE.KEY command creates a data encryption key. This command can only be executed by users with administrator rights in the QMSYS account.
Format
CREATE.KEY {keyname {algorithm {keystring}}}
where keyname, algorithm and keystring are described below. The command prompts for any item not supplied on the command line.
The CREATE.KEY command creates a new entry in the key vault defining the encryption algorithm and actual key string to be used. If the key vault does not already exist, this command will create it, prompting for the master key to be used to encrypt the key vault. If the key vault does exist, the user will be asked to enter the master key unless it has already been entered during this session.
The keyname may be any sequence of up to 64 letters, digits, periods and hyphens. It is case insensitive.
The algorithm may be one of AES128, AES192 or AES256. The name is case insensitive.
The keystring is up to 64 characters, is case sensitive and can contain any character. For best security, the length of the keystring should be close to the actual length needed by the selected algorithm. This is 16, 24 or 32 characters for the 128, 192 and 256 bit algorithms respectively. The CREATE.KEY command will automatically transform the supplied key to the required length if necessary.
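The following Python script is an added example, not part of the OpenQM documentation or product, that applies the three parameter rules just described (keyname character set and case folding, the three permitted algorithm names, and the 64 character keystring limit) and shows why the keystring length advice matters: a keystring shorter than the algorithm's key length is transformed to that length, but the transformation cannot add secrecy, so the effective strength is bounded by what was typed. The entropy figure assumes each character is drawn uniformly from the 95 printable ASCII characters; that assumption, and all sample values, are constructed for the example, and nothing here reproduces how CREATE.KEY itself performs the transformation.

```python
import math
import re

# Parameter rules as documented for CREATE.KEY.
KEYNAME_RE = re.compile(r"[A-Za-z0-9.-]{1,64}")
KEY_LENGTH = {"AES128": 16, "AES192": 24, "AES256": 32}  # characters needed per algorithm
MAX_KEYSTRING = 64
# Assumption for the strength estimate (not from the documentation): each keystring
# character is drawn uniformly from the 95 printable ASCII characters, i.e. log2(95)
# bits per character, which is about 6.57.
BITS_PER_CHAR = math.log2(95)


def normalise_keyname(keyname: str) -> str:
    """Keynames are case insensitive, so fold them to one case; reject bad characters."""
    if not KEYNAME_RE.fullmatch(keyname):
        raise ValueError("keyname must be 1-64 letters, digits, periods or hyphens")
    return keyname.upper()


def normalise_algorithm(algorithm: str) -> str:
    """Algorithm names are case insensitive; only the three AES sizes are valid."""
    alg = algorithm.upper()
    if alg not in KEY_LENGTH:
        raise ValueError("algorithm must be one of AES128, AES192 or AES256")
    return alg


def keystring_report(keystring: str, algorithm: str) -> dict:
    """Check a keystring against the documented limits and estimate its real strength.

    The keystring is case sensitive and is neither modified nor included in the report.
    """
    if not 1 <= len(keystring) <= MAX_KEYSTRING:
        raise ValueError("keystring must be 1-64 characters")
    alg = normalise_algorithm(algorithm)
    needed = KEY_LENGTH[alg]
    nominal_bits = needed * 8
    # Transforming a short keystring to the required length does not add secrecy:
    # the effective strength is capped by the entropy of the characters supplied.
    effective_bits = min(nominal_bits, int(len(keystring) * BITS_PER_CHAR))
    if len(keystring) < needed:
        advice = (f"keystring is shorter than the {needed} characters {alg} needs; "
                  "it will be transformed to that length")
    elif len(keystring) > needed:
        advice = (f"keystring is longer than the {needed} characters {alg} needs; "
                  "it will be transformed to that length")
    else:
        advice = "keystring length matches the algorithm"
    return {
        "algorithm": alg,
        "needed_length": needed,
        "nominal_bits": nominal_bits,
        "effective_bits_estimate": effective_bits,
        "advice": advice,
    }


if __name__ == "__main__":
    # Constructed sample values for demonstration only; not real keys.
    print(normalise_keyname("CardNo"))
    print(keystring_report("p@ss-8chr", "aes256"))
    print(keystring_report("x" * 32, "AES256"))
```

Run as a script it reports that a nine character keystring behind a nominally 256 bit key is worth roughly 59 bits, while a 32 character keystring approaches the full strength. The report deliberately omits the keystring itself, matching the documentation's point that the keyname is not secret but the keystring must never be disclosed.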
Once a key has been defined, it may be referenced in commands that set up encryption without needing to enter the master key. The keyname does not need to be treated as a secure item. The keystring, on the other hand, must not be disclosed. It is strongly recommended that a copy of the keystring is maintained off-site in case it is ever necessary to rebuild the key vault.
The CREATE.KEY command automatically grants access to the key to the user that created it. Other users can be granted access using the GRANT.KEY command.
Example
CREATE.KEY CARDNO AES256
The above command creates a 256 bit encryption key named CARDNO. The actual encryption string will be entered in response to a prompt.
See also: Data encryption, CREATE.FILE, DELETE.KEY, ENCRYPT.FILE, GRANT.KEY, LIST.KEYS, RESET.MASTER.KEY, REVOKE.KEY, SET.ENCRYPTION.KEY.NAME