Administration of Keys
To be able to periodically replace keys, you have to create the required key versions and start the key replacement.
In the Administration of Key Versions for PAYCRV transaction, you generate the key versions required for encryption and start the key replacement. On the SAP Easy Access screen, choose . The following functions are available there:
Create new key versions and distribute them to the application servers
Display information on the use of key versions
Delete key versions that are no longer needed
You can create as many key versions as you need. The system uses the most current key version for encrypting payment card data.
The system continues to use old key versions for decryption as long as there are data records in the system that were encrypted using the old version. For this reason, you cannot delete old key versions immediately. Instead you first have to migrate the existing data records for the old version to the current key version.
You can delete the old key version once you have migrated the data successfully, because the old key version is then no longer needed for decryption. To ensure the utmost security, however, deletion can take place no earlier than 90 days after the migration.
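The deletion rules above, modeled as a short Python check (an added example, not SAP code and not part of the PAYCRV transaction). It assumes the highest version number is the most current one; the `KeyVersion` fields, the `deletion_status` function and the sample data are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Waiting period between migration and deletion, as stated in the text above.
RETENTION_AFTER_MIGRATION = timedelta(days=90)

@dataclass
class KeyVersion:
    version: int
    records_encrypted: int                      # records still stored under this version
    migration_completed: Optional[date] = None  # day the migration to the current version finished

def deletion_status(versions, today):
    """Return {version: (deletable, reason)} for every key version."""
    current = max(v.version for v in versions)  # assumption: highest number = most current
    status = {}
    for v in versions:
        if v.version == current:
            status[v.version] = (False, "current version, used for encryption")
        elif v.records_encrypted > 0:
            status[v.version] = (False, f"{v.records_encrypted} records still need it "
                                        "for decryption; migrate them first")
        elif v.migration_completed is None:
            # Conservative assumption: without a migration date the waiting
            # period cannot be computed, so the version is kept.
            status[v.version] = (False, "no migration date recorded")
        else:
            earliest = v.migration_completed + RETENTION_AFTER_MIGRATION
            if today < earliest:
                status[v.version] = (False, f"earliest deletion date is {earliest.isoformat()}")
            else:
                status[v.version] = (True, f"deletable since {earliest.isoformat()}")
    return status

# Constructed sample data, not taken from a real system.
SAMPLE = [
    KeyVersion(1, 0, date(2024, 3, 1)),    # migrated long ago
    KeyVersion(2, 0, date(2024, 5, 15)),   # migrated, still inside the 90 days
    KeyVersion(3, 1200),                   # not yet migrated
    KeyVersion(4, 53000),                  # current version
]

if __name__ == "__main__":
    for version, (ok, reason) in deletion_status(SAMPLE, date(2024, 6, 30)).items():
        print(f"version {version}: {'DELETE OK' if ok else 'KEEP'} ({reason})")
```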
The functions for generating and deleting key versions are protected by authorization object SSFVADM (activities 01 and 02).
See also the documentation for the program.
Note
The Trust Manager (transaction STRUST) merely displays the keys for the SSF application PAYCRV.