{"id":25257231,"url":"https://github.com/zowe/keyring-utilities","last_synced_at":"2025-08-20T05:04:32.294Z","repository":{"id":42870692,"uuid":"257935105","full_name":"zowe/keyring-utilities","owner":"zowe","description":"Various key ring utilities that interact with z/OS RACF key rings using R_datalib API","archived":false,"fork":false,"pushed_at":"2025-06-17T15:57:49.000Z","size":104,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-07-21T09:59:54.543Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"epl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zowe.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-04-22T15:02:57.000Z","updated_at":"2025-06-17T15:57:27.000Z","dependencies_parsed_at":"2025-02-12T06:38:20.253Z","dependency_job_id":"aee8a2c4-7023-4560-817e-e2bf8a404fe9","html_url":"https://github.com/zowe/keyring-utilities","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/zowe/keyring-utilities","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zowe%2Fkeyring-utilities","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zowe%2Fkeyring-utilities/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zowe%2Fkeyring-utilities/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zowe%2Fkeyring-utilities/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zowe","download_url":"https://codeload.github.com/zowe/keyring-utilities/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zowe%2Fkeyring-utilities/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271268705,"owners_count":24730023,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-20T02:00:09.606Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-12T06:38:17.044Z","updated_at":"2025-08-20T05:04:32.258Z","avatar_url":"https://github.com/zowe.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# keyring-utilities\nVarious key ring utilities that interact with z/OS RACF key rings using R_datalib API and GSK APIs.\n\n## keyring-util tool\n\nThe `keyring-util` tool is the primary artifact produced by this repository.\n\nThe keyring-util program leverages\n[R_datalib callable service](https://www.ibm.com/docs/en/zos/2.5.0?topic=descriptions-r-datalib-irrsdl00-irrsdl64-certificate-data-library)\nand [GSK CSM APIs](https://www.ibm.com/docs/en/zos/2.5.0?topic=programming-certificate-management-services-cms-api-reference) to perform various operations on digital certificates and RACF key rings. GSM CSM APIs are preferred when available, however, they don't always return complete metadata surrounding certificate definitions, which the R_datalib callable services will provide.\n\n## Build\nEnter the `build/` directory and execute the `build.sh` script\n\n## Syntax\n```bash\nkeyring-util function userid keyring label\n```\n**Parameters:**\n 1. `function` see [Functions](#Functions) section below\n 2. `userid` - an owner of the `keyring` and `label` certificate\n 3. `keyring` - a name of the keyring\n 4. **(Optional)** `-v`: verbose logging.\n 5. Command-specific arguments, see [Functions](#Functions) Supported Arguments.\n\n## Functions\n\n  * `LISTRING` - lists keyring contents in a summarized format containing Label, Owner, Usage, Status, and Default.\n    - Supported Arguments:\n        * `-l \u003clabel\u003e`: Optional. Limits output to certificates with an alias matching `label`.\n        * `-u \u003cusage\u003e`: Optional. Limits output to certificates with USAGE matching `\u003cusage\u003e`. One of `CERTAUTH`, `PERSONAL`, `OTHER`.\n        * `--label-only`: Optional. Limits output to the label field only. Higher priority than `--owner-only`.\n        * `--owner-only`: Optional. Limits output to the owner field only.\n    - Examples:\n        * `keyring-util NEWRING USER01 RING02`\n        * `keyring-util NEWRING USER01 RING02 -l SOMELBL`\n        * `keyring-util NEWRING USER01 RING02 -u PERSONAL --label-only`\n\n  * `NEWRING` - creates a keyring\n    - Example: `keyring-util NEWRING USER01 RING02`\n\n  * `DELRING` - deletes a keyring\n       * Example: `keyring-util DELRING USER01 RING02`\n\n  * `DELCERT` - remove a certificate from a keyring or deletes a certificate from RACF database\n    - Supported Arguments:\n        * `-l \u003clabel\u003e`: Required. Specifies the certificate to be removed by label.\n    **Current Limitation:** The `DELCERT` function can only manipulate a certificate that is owned by the `userid`, i.e. it can't\n     work with certificates owned by the CERTAUTH, SITE or different userid.\n\n    The following example removes `CERT03` certificate owned by the `USER01` from the `RING02` keyring owned by the `USER01` userid\n    * Example: `keyring-util DELCERT USER01 RING02 -l CERT03`\n\n    The following example removes `CERT03` certificate owned by the `USER01` from the RACF database. The command fails if the certificate\n    is still connected to some keyring.\n    * Example: `keyring-util DELCERT USER01 '*' -l CERT03`\n       \n  * `EXPORT` - exports a certificate in PEM format. The file is created in a `pwd` directory with a name of `\u003ccert_alias\u003e.pem`\n    - Supported Arguments:\n        * `-l \u003clabel\u003e`: Required. Specifies the certificate to be exported by label.\n\n    - Example: `keyring-util EXPORT USER01 RING02 -l CERT03`\n        * Creates a file CERT03.pem.\n         \n  * `IMPORT` - imports a certificate from the PKCS12 format. The certificate can be connected to a keyring as `PERSONAL` or `CERTAUTH`.\n    - Supported Arguments:\n        * `-l \u003clabel\u003e`: Required. Specifies the certificate label of the created keyring certificate.\n        * `-u \u003cusage\u003e`: Required. One of `CERTAUTH`, `PERSONAL`.\n        * `-f \u003c/path/to/p12/file\u003e`: Required.  Specifies the path to the PKCS12 certificate being imported.\n        * `-p \u003cpkcs12-password\u003e`: Required. Specifies the password required to open the PKCS12 certificate specified by `-f`.\n\n    **Warning:** The scenario where a private key is also imported currently works only with RACF.\n    * Example: `keyring-util IMPORT USER01 RING02 -l CERT03 -u PERSONAL -f /path/to/file.p12 -p pkcs12_password`\n         \n  * `REFRESH` - refreshes DIGTCERT class\n    * Example: `keyring-util REFRESH`\n\nFor any return and reason codes, check [R_datalib return and reason codes](https://www.ibm.com/support/knowledgecenter/SSLTBW_2.4.0/com.ibm.zos.v2r4.ichd100/ich2d100238.htm)\n\n## Further development\nThere is room for improvement:\n  * command line argument processing and syntax (perhaps using the argp library from [ambitus project](https://github.com/ambitus/glibc/tree/zos/2.28/master/argp))\n  * an extension of functionality of the current R_datalib functions\n  * adding support for other [R_datalib functions](https://www.ibm.com/support/knowledgecenter/SSLTBW_2.4.0/com.ibm.zos.v2r4.ichd100/ich2d100226.htm)\n\nWork with the following resource if you want to add support for other R_datalib functions [Data areas for R_datalib callable service](https://www.ibm.com/support/knowledgecenter/SSLTBW_2.4.0/com.ibm.zos.v2r4.ichc400/comx.htm)\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzowe%2Fkeyring-utilities","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzowe%2Fkeyring-utilities","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzowe%2Fkeyring-utilities/lists"}