Limited supportBMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.BMC recommends upgrading to the latest version of the product. To see documentation for that version, see Recovery Management for Db2 13.1.

Key data set contents

The key data set contains one or more rows of 80 characters per row.

Some content is unavailable due to permissions.

ignores any characters in columns 72 through 80. Each row contains:

  • One encryption key
  • A corresponding timestamp
  • An optional encryption algorithm identifier
  • An optional comment

These fields are separated by one or more blank characters. The first character of the comment is an asterisk. Rows are ordered in the data set by timestamp with the most recent timestamp first. The current key is the key in the first row. The format of the key data set row is:

<key value>   <timestamp>   <encryption algorithm id>    <comment>

An example of the contents of a key data set follows:

X'0ABCDEF123456789FEDCBA000111111' 2009-11-23-12-00  *128 bit DES encryption    
X'123456789ABCDEF1'          2009-08-23-11-10
X'723DE6789000DEF1'  2008-12-12-16-40     DES   *64 bit DES encryption
X'723DE6789000DEF1723DE6789000DEF1' 2008-12-12-14-00  AES *128 bit AES encrypt
X'F1F2F3F4F5F6F7F8'  2008-01-01-12-00

Some content is unavailable due to permissions.

uses the contents of the key data set to determine a key value for encryption or decryption of image copies. The

Some content is unavailable due to permissions.

COPY commands such as COPY TABLESPACE and COPY INDEXSPACE use the current key or the key in the first row of the key data set to encrypt image copies. If the timestamp in the first row is in the future,

Some content is unavailable due to permissions.

sets the condition code to 4, issues a warning message, and creates plaintext image copies.

Encrypted image copies are registered in BMCXCOPY. As with SYSCOPY registration, BMCXCOPY registration includes a timestamp specifying when the copy was registered. The

Some content is unavailable due to permissions.

COPY IMAGECOPY command, as well as

Some content is unavailable due to permissions.

and Log Master, use this timestamp to find the correct key value in the key data set. For more information about the registration of encrypted copies, see Registration-for-plaintext-image-copies.

For example, if

Some content is unavailable due to permissions.

selected an image copy for a recovery from BMCXCOPY with a timestamp of 2009-02-12-10.00, the encryption key and DES algorithm in the third row in the example key data set above is selected.

This section contains the following topics:

Related topics

Key-data-set

Key-data-set-requirements



 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*