
This assumes you have reviewed IBM GSKit (Global Security Kit) - Getting Started (command line) or IBM iKeyman - Getting Started (GUI).
Let's say you have a Key Database file named example.kdb. One way to interact with the Key Database file is to use the -pw (password) option, like this.
${install_root}/gsk8/bin/gsk8capicmd_64 \
  -cert \
  -list all \
  -db /path/to/example.kdb \
  -pw your_password
Another option is to use -stashed, which keeps the password off the command line, like this.
${install_root}/gsk8/bin/gsk8capicmd_64 \
  -cert \
  -list all \
  -db /path/to/example.kdb \
  -stashed
Before -stashed can be used, you must first create the stash file, which in this scenario would be example.sth. Here is how you would go about creating the stash file.
${install_root}/gsk8/bin/gsk8capicmd_64 \
  -keydb \
  -stashpw \
  -db example.kdb \
  -pw your_password
By default, the permission of the stash file will be -rw-------. With these permissions, only the user that created the stash file (root in this example) would be permitted to read the stash file.
-rw------- 1 root root 129 May 28 04:47 example.sth
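If you want other users to be able to use the stash file, use the chmod command to update the permissions of the stash file to be -rw-r--r--. Keep in mind that any user who can read the stash file can also recover the Key Database password from it, as the decoding script at the end of this article shows.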
-rw-r--r-- 1 root root 129 May 28 04:47 example.sth
Once the stash file exists, then instead of using the -pw <your password> option, the -stashed option can be used, and the password in the stash file will be used. Notice no parameters follow the -stashed option. Instead, the stash file must reside in the same directory as the Key Database file.
${install_root}/gsk8/bin/gsk8capicmd_64 \
  -cert \
  -list \
  -db /path/to/example.kdb \
  -stashed
The stash file is obfuscated, not encrypted: each byte of the password is XORed with 0xf5. If you have Perl at your disposal, the following Perl script can be used to decode the stash file.
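#!/usr/bin/perl
use strict;
use warnings;

my $file = "/path/to/your.sth";
my $stash = "";

# Read the stash file as raw bytes
open(my $fh, "<", $file) or die "Can't open $file: $!\n";
binmode($fh);
read($fh, $stash, 1024);
close($fh);

# Undo the obfuscation: every byte is XORed with 0xf5
my @unstash = map { $_ ^ 0xf5 } unpack("C*", $stash);

# Print the decoded characters up to the first NUL byte
foreach my $byte (@unstash) {
    last if $byte == 0;
    printf "%c", $byte;
}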
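Because the stash file can be decoded this easily, a stash file readable beyond its owner exposes the Key Database password. The following shell functions are an added example (not part of the original article or of GSKit) that list *.sth files with permissions wider than -rw-------. The function names are hypothetical, and the example assumes each stash file sits beside a .kdb with the same base name, as with example.kdb and example.sth.

```shell
#!/bin/sh
# Added example: audit GSKit stash files for permissions wider than -rw------- (0600).
# Function names are hypothetical; this is not part of GSKit.

# Print the path of every *.sth file under $1 that has any group or other
# permission bit set. Uses only POSIX find primaries.
list_exposed_stash_files() {
    find "$1" -type f -name '*.sth' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Report each exposed stash file and the key database it unlocks.
# Returns 0 when nothing is exposed, 1 otherwise.
audit_stash_files() {
    exposed=$(list_exposed_stash_files "$1")
    if [ -z "$exposed" ]; then
        echo "OK: no stash file under $1 is accessible to group or other"
        return 0
    fi
    printf '%s\n' "$exposed" | while IFS= read -r sth; do
        # Assumption: the stash file shares the base name of its key database
        kdb="${sth%.sth}.kdb"
        if [ -f "$kdb" ]; then
            echo "EXPOSED: $sth (stashed password unlocks $kdb)"
        else
            echo "EXPOSED: $sth (no matching .kdb in the same directory)"
        fi
        echo "  fix: chmod 600 '$sth'"
    done
    return 1
}

# Usage: audit_stash_files /path/to
```

The non-zero return status makes the function usable as a gate in a scheduled job or deployment check.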