Encipher Using System Keys: Example 6
In this example, an enciphered copy of part of a VSAM relative
record data set is produced using a tape as output. The enciphered
data set is deciphered at a remote installation. The keys are managed
by the Programmed Cryptographic Facility, the Cryptographic Unit Support,
or the z/OS® Integrated Cryptographic
Service Facility.
//ENSYS JOB ...
//STEP1 EXEC PGM=IDCAMS
//CLEAR DD DSN=RRDS1,DISP=SHR
//CRYPT DD DSN=RRDSEN,LABEL=(1,SL),DISP=NEW,
// UNIT=3480,VOL=SER=TAPE01,
// DCB=(DEN=3,RECFM=FB,LRECL=516,BLKSIZE=5160)
//SYSPRINT DD SYSOUT=A
//SYSIN DD *
REPRO -
INFILE(CLEAR) -
OUTFILE(CRYPT) -
COUNT(50) -
ENCIPHER -
(EXTERNALKEYNAME(AKEY27) -
STOREDATAKEY -
CIPHERUNIT(4) -
USERDATA(CONF))
/*
Job control language statements:
- CLEAR DD describes the relative record data set.
- CRYPT DD describes and allocates a magnetic tape file. LRECL is
the relative record data set record size plus 4.
The REPRO command copies 50 records enciphered from a generated data encrypting key, from the source data set, RRDS1, to the output tape. The source records are enciphered in units of 4 records, except for the last 2 records, which are enciphered together. The enciphered data encrypting key is stored in the header of the target data set; therefore, REPRO will not list the key name or enciphered data encrypting key in SYSPRINT. The parameters of the command are:
- INFILE points to the CLEAR DD statement identifying the source data set to be enciphered, RRDS1.
- OUTFILE points to the CRYPT DD statement, identifying the target data set on tape.
- COUNT indicates that 50 records are to be copied.
- ENCIPHER indicates that the target data set is to contain an enciphered copy of the source data set.
- EXTERNALKEYNAME supplies the name, AKEY27, of the external file key to be used to encipher the data encrypting key.
- STOREDATAKEY indicates that the data encrypting key enciphered under the secondary file key is to be stored in the header of the target data set.
- CIPHERUNIT indicates that 4 source records at a time are to be enciphered as a unit.
- USERDATA specifies a character string, CONF, to be stored in the header of the target data set as user data.