P11TOKEN Subcommand

The P11TOKEN subcommand lets you define and manage objects within a PKCS #11 token. 
PKCS #11 is a cryptographic token interface standard from RSA Laboratories of RSA Security Inc. The standard specifies an application programming interface to devices, called tokens, that hold cryptographic information and perform cryptographic functions. CA ACF2 supports PKCS #11 on z/OS 1.9 systems and higher through ICSF services. On z/OS, PKCS #11 tokens are virtual smart cards that contain certificates, public keys, and private keys.
P11token Add Token(token-name)
P11token DELete Token(token-name) [Force]
P11token List Token(token-name)|Mtoken(token-mask)
P11token Bind Token(token-name)|Certdata(logonid | logonid.suffix) [Label(label)] [Usage(PERSONAL|CERTAUTH|SITE)] [DEFault]
P11token Unbind Token(token-name) Certdata(logonid | logonid.suffix) [Label(label)] Seqnum(sequence #)
P11token IMport Token(token-name) Seqnum(sequence-#) Certdata(logonid | logonid.suffix) [Label(label)][ICSF][PCICC][Pkdslbl(pkds-label)]
Example: Define a P11TOKEN
Define a P11TOKEN to manage your webserver.
ADD TOKEN(wbsrv.token)
Token Name: WEBSRV.TOKEN
Sequence  Labels             Attributes
--------- ------------------ -----------
No objects exit for this token
In this example, a P11TOKEN is defined to manage your webserver.
The following functions are available under the P11TOKEN subcommand:
  • ADD
    Creates an empty token.
  • DELETE
    Removes objects from the token and deletes the token.
  • BIND
    Connects a CA ACF2 certificate, public key, and private key to an existing token.
  • LIST
    Displays information about the objects that are contained in the token.
  • UNBIND
    Removes a certificate and its keys from an existing token.
  • IMPORT
    Copies a certificate and its keys from an existing token into the CA ACF2 database.