Skip to Content
Information
Space announcement This space now contains the documentation for all the following components:
  • CHANGE ACCUMULATION PLUS
  • IMAGE COPY PLUS
  • RECOVERY MANAGER for IMS
  • RECOVERY PLUS for IMS
We are no longer updating the individual documentation spaces for these components. For the latest documentation, see BMC AMI Backup and Recovery for IMS 5.2.

Creating an encryption key file

Your encryption key file contains your organization’s encryption keys.

When you implement encryption, this file becomes a critical resource that must be handled with the same precautions that you use for RECON data sets, databases, and other important resources.

Related topics

Encrypting-and-decrypting-image-copies

Success

Tip

To avoid potential problems, use only one encryption key file (or only a few) for your entire organization. Each additional encryption key file that you use increases the possibility of procedural errors that can threaten recoverability.

To create the encryption key file

  1. Allocate an encryption key file with the following attributes:
    • physical sequential data set organization (DSORG=PS)
    • fixed blocked record format (RECFM=FB)
    • 80-byte logical record length (LRECL=80)
    • block size that is a multiple of 80 bytes (such as BLKSIZE=800)

  2. Set up definitions in your security access facility (such as RACF) to restrict access to the encryption key file.

    Error
    Warning

    Potentially, any person or program that can access your encryption key file can decrypt your data.

  3. Add the encryption key file to the disaster recovery assets that are sent to the remote site, and ensure that when the file is updated, the updated file is sent to the remote site.

    Error
    Warning

    It is impossible to decrypt an encrypted image copy if the correct encryption key file is not available, does not contain the correct key, or contains a different key that meets the key selection criteria instead of the original key.

  4. Set up procedures to ensure that backups of the encryption key file are taken at appropriate intervals.

    Success

    Tip

    Back up the encryption key file at the same time that most of your image copies are taken.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC AMI Backup and Recovery for IMS 5.1