>>-+------------------------------------------------+----------><
| .---ENCRYPT ( CLRAES128 )--------. |
'-RSA(label)--+--------------------------------+-'
'---ENCRYPT----(--+-CLRTDES-+--)-'
'-ENCTDES-'
- RSA
The RSA keyword allows you to specify the label of an existing
RSA public key that is present in the ICSF PKDS. The RSA public key
is used to encrypt a randomly generated data key, so that the encrypted
data key can be stored on the output medium.
ICSF only allows
labels for RSA keys to be up to 64 characters long. The first character
must be alphabetic or a national character (#, $, @). The remaining
characters may be alphabetic, numeric, national, or a period.
Note: - You can also specify the label of an RSA public/private key
pair.
ICSF uses the public key when encrypting the data key.
- The
RSA keyword cannot be specified with the KEYPASSWORD keyword.
- When
using ENCTDES, or running on z800/z900 hardware, ensure that
the RSA key is an internal key. Under these scenarios, an external
RSA key will not be accepted by ICSF during the restore of the data.
- ENCRYPT
The ENCRYPT keyword allows you to specify the type of encryption
key and the type of encryption that DFSMSdss performs on the dumped
data. You can specify one of the following options. If you do not
specify the ENCRYPT keyword, CLRAES128 is the default. If you specify
ENCRYPT with the RSA keyword, the data key is randomly generated for
each DUMP command.
- CLRTDES - This option specifies that the dumped data is encrypted
with a clear triple-length DES key.
- CLRAES128 - This option
specifies that the dumped data is encrypted
with a clear 128-bit AES key
- ENCTDES - This option specifies
that the dumped data is encrypted
with a secure triple-length DES key.