z/OS DFSMS Access Method Services Commands
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Decipher Using System Keys: Example 7

z/OS DFSMS Access Method Services Commands
SC23-6846-01

In this example, the enciphered data set produced by the job in Encipher Using System Keys: Example 6 is deciphered, using a VSAM relative record data set as the target for the plaintext (deciphered) data. The empty slots in the original data set are reestablished. Keys are managed by the Programmed Cryptographic Facility or the Cryptographic Support Unit. 
//DESYS    JOB    ...
//STEP2    EXEC PGM=IDCAMS
//CRYPT    DD   DSN=RRDSEN,LABEL=(1,SL),DISP=OLD,
//              UNIT=3480,VOL=SER=TAPE01,
//              DCB=DEN=3
//CLEAR    DD   DSN=RRDS2,DISP=SHR
//SYSPRINT DD   SYSOUT=A
//SYSIN    DD   *
     REPRO -
           INFILE(CRYPT) -
           OUTFILE(CLEAR) -
           DECIPHER -
             (SYSTEMKEY -
             SYSTEMKEYNAME(BKEY27))
/*
Job control language statements:
  • CRYPT DD describes and allocates the magnetic tape containing the enciphered data.
  • CLEAR DD describes the relative record data set.

    The REPRO command copies and deciphers the enciphered data set from the source tape to the target data set RRDS2. The enciphered data encrypting key is obtained from the header of the source data set. Use the internal file key (BKEY27) to decipher the enciphered data encrypting key that is then used to decipher the data. The parameters of the REPRO command are:

  • INFILE points to the CRYPT DD statement, identifying the tape containing the enciphered source data.
  • OUTFILE points to the CLEAR DD statement, identifying the data set to contain the deciphered data, RRDS2. The defined record size must be the same as that of the original relative record data set.
  • DECIPHER indicates that the source data set is to be deciphered as it is copied to the target data set.
  • SYSTEMKEY indicates that keys are managed by the Program Cryptographic Facility, the Cryptographic Unit Support, or the z/OS® Integrated Cryptographic Service Facility.
  • SYSTEMKEYNAME supplies the key name, BKEY27, of the internal file key that was used to encipher the system data encrypting key. The file key must be an internal file key in this system.
Parent topic: REPRO Examples

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014