Limited support: BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support. BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Copy for Db2 13.1.

Key data set contents


The key data set contains one or more rows of 80 characters per row.

BMC AMI Copy ignores any characters in columns 72 through 80. Each row contains:

  • One encryption key
  • A corresponding timestamp
  • An optional encryption algorithm identifier
  • An optional comment

These fields are separated by one or more blank characters. The first character of the comment is an asterisk. Rows are ordered in the data set by timestamp with the most recent timestamp first. The current key is the key in the first row. The format of the key data set row is:

keyValue    timeStamp    encryptionAlgorithmID Comment

An example of the contents of a key data set follows:

X'0ABCDEF123456789FEDCBA000111111' 2009-11-23-12-00  *128 bit DES encryption    
X'123456789ABCDEF1'          2009-08-23-11-10
X'723DE6789000DEF1'  2008-12-12-16-40     DES   *64 bit DES encryption
X'723DE6789000DEF1723DE6789000DEF1' 2008-12-12-14-00  AES *128 bit AES encrypt
X'F1F2F3F4F5F6F7F8'  2008-01-01-12-00

BMC AMI Copy uses the contents of the key data set to determine a key value for encryption or decryption of image copies. The BMC AMI Copy COPY commands, such as COPY TABLESPACE and COPY INDEXSPACE, use the current key (the key in the first row of the key data set) to encrypt image copies. If the timestamp in the first row is in the future, BMC AMI Copy sets the condition code to 4, issues a warning message, and creates plaintext image copies.

Encrypted image copies are registered in BMCXCOPY. As with SYSCOPY registration, BMCXCOPY registration includes a timestamp specifying when the copy was registered. The BMC AMI Copy COPY IMAGECOPY command, as well as BMC AMI Recover and Log Master, use this timestamp to find the correct key value in the key data set. For more information about the registration of encrypted copies, see Registration for plaintext image copies.

For example, if BMC AMI Recover selected an image copy for a recovery from BMCXCOPY with a timestamp of 2009-02-12-10.00, the encryption key and DES algorithm in the third row of the example key data set above are selected.

Key value

BMC AMI Copy supports both 64-bit and 128-bit keys. (See Encryption algorithm identifier.) The key data set can contain either or both key sizes. The key value is a clear key represented in the key data set as a string of 16 or 32 hexadecimal digits in the following format:

X'dd...'

The X and the quotes are required. The X must occur in the first column and be uppercase.

Timestamp

The date, hour, and minute string uses one of the following formats:

yyyy-mm-dd-hh-mm

or

yyyy-mm-dd-hh.mm

The values are decimal numbers and are padded on the left with a zero if necessary. The timestamp must be separated from the key value by at least one blank space.

Encryption algorithm identifier

An encryption algorithm identifier is optional in the key data set. The supported encryption algorithm identifiers are:

  • DES for Data Encryption Standard (for 64-bit keys)
  • DES for Triple Data Encryption Standard (for 128-bit keys)
  • AES for Advanced Encryption Standard (requires 128-bit keys)

The algorithm identifier defaults to DES if no identifier is provided. If you provide an identifier, you must separate it from the timestamp by at least one blank. BMC AMI Copy distinguishes between the two varieties of DES based on the length of the key (64-bit or 128-bit). 

Comments

Comments are optional in the key data set. A comment begins with an asterisk that is separated from the preceding field by at least one blank.
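
An added example, not BMC code: a Python checker for the row format described above, which also reproduces the lookup of registration timestamp 2009-02-12-10.00 and flags a first-row timestamp that is in the future. The function names and sample key values are constructed, and the lookup rule (first row whose timestamp is not later than the registration time) is an assumption inferred from the page's one example.

```python
import re
from datetime import datetime

# Row layout from the page: keyValue timeStamp [algorithmID] [*comment]
ROW = re.compile(
    r"^X'(?P<key>[0-9A-Fa-f]+)'\s+"              # X in column 1; lower-case hex allowed (assumption)
    r"(?P<ts>\d{4}-\d{2}-\d{2}-\d{2}[-.]\d{2})"  # yyyy-mm-dd-hh-mm or yyyy-mm-dd-hh.mm
    r"(?:\s+(?P<alg>DES|AES))?"                  # optional algorithm identifier
    r"(?:\s+\*.*)?\s*$"                          # optional comment starting with *
)

# Constructed sample: the page's timestamps and identifiers, made-up key values.
SAMPLE = [
    "X'00112233445566778899AABBCCDDEEFF' 2009-11-23-12-00  *128 bit DES encryption",
    "X'0123456789ABCDEF'          2009-08-23-11-10",
    "X'1111222233334444'  2008-12-12-16-40     DES   *64 bit DES encryption",
    "X'0F1E2D3C4B5A69788796A5B4C3D2E1F0' 2008-12-12-14-00  AES *128 bit AES encrypt",
    "X'FEDCBA9876543210'  2008-01-01-12-00",
]

def parse_row(line):
    """Parse one row; raise ValueError when it breaks a rule the page states."""
    m = ROW.match(line[:71])                  # columns 72 through 80 are ignored
    if not m:
        raise ValueError("expected: keyValue timeStamp [DES|AES] [*comment]")
    key, alg = m["key"].upper(), m["alg"] or "DES"   # identifier defaults to DES
    if len(key) not in (16, 32):
        raise ValueError("key value must be 16 or 32 hexadecimal digits")
    if alg == "AES" and len(key) != 32:
        raise ValueError("AES requires a 128-bit key")
    ts = datetime.strptime(m["ts"].replace(".", "-"), "%Y-%m-%d-%H-%M")
    return {"key": key, "ts": ts, "alg": alg, "bits": len(key) * 4}

def load(lines):
    """Parse every row and check the most-recent-first ordering."""
    rows = [parse_row(line) for line in lines]
    for newer, older in zip(rows, rows[1:]):
        if newer["ts"] < older["ts"]:
            raise ValueError("rows must be ordered with the most recent timestamp first")
    return rows

def key_for(rows, registered):
    """Assumed rule: first row whose timestamp is not later than the registration time."""
    return next((r for r in rows if r["ts"] <= registered), None)

def current_key_is_future(rows, now):
    """True is the case in which the page says copies are written as plaintext."""
    return rows[0]["ts"] > now
```

Running `current_key_is_future` against a data set before it goes live catches the case that would otherwise surface only as condition code 4 and a warning message.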


BMC AMI Copy for Db2 12.1