z/OS DFSMSdss Storage Administration
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Examples of host-based encryption

z/OS DFSMSdss Storage Administration
SC23-6868-01

In the following example, DFSMSdss is used to perform a full volume dump and to compress and encrypt the volume data using a clear TDES key. The clear TDES key is protected using an RSA private key. 
DUMP FULL INDYNAM(VOL001) OUTDD(TAPE1) -
ENCRYPT(CLRTDES) RSA(SYSTEM.PRIVATE.S01024) -
HWCOMPRESS OPTIMIZE(4)
The following is an example of the RESTORE command you would use to restore the data on a system that has the same RSA private key with the same label: 
RESTORE FULL INDD(TAPE1) OUTDYNAM(VOL001)
The following example shows the keywords needed to restore the data on a different system that has had the original RSA private key loaded into ICSF under a different label: 
RESTORE FULL INDD(TAPE1) OUTDYNAM(VOL001) -
RSA(NEWSYSTEM.PRIVKEY.S01024)
The following example shows the backup and recovery of data sets while using 128-bit AES encryption to secure the data. Note that a password is used for key management: 
DUMP DATASET(INCLUDE(SOURCE.**)) -
OUTDDNAME(TAPE2) HWCOMPRESS -
KEYPASSWORD(mySecretPASSWORD) -
ENCRYPT(CLRAES128)

RESTORE DATASET(INCLUDE(SOURCE.**)) -
INDDNAME(TAPE2) -
REPLACE KEYPASSWORD(mySecretPASSWORD)
Parent topic: Using host-based encryption to secure backups

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014