If you just want a list of the key labels, then a 'PRINT INDA('ckds name') COUNT(9999)' will probably work, if you have read access to the keystore. (Be careful and see below.) If you want something to format the flags and fields in the record, then you can do that either by processing the data through the ICSF APIs or by directly reading the VSAM file. I've got REXX EXECs, but they are not very comprehensive. I use the RXVSAM package from the CBTape to read the VSAM record and then display specific fields.
The problem is that in most shops, the CKDS contains clear keys, and anyone that has authority to read the keystore can also see the actual key value of those clear keys. (The secure keys are encrypted under the master key, so that key material is protected.) I recommend that only the ICSF address space should have authority to the keystore. In addition, if you use the APIs, then the application must run APF authorized to process a clear key.

The last several releases of ICSF have introduced a number of enhancements related to key management, so I suspect that somebody, somewhere is working on a key management tool (or set of tools) that will provide details about existing key records. Since key management is the hard part of crypto, such a tool is sorely needed.

Greg
gregboyd@mainframecrypto.com
www.mainframecrypto.com