Key data set contents
The key data set contains one or more rows of 80 characters per row.
ignores any characters in columns 72 through 80. Each row contains:
- One encryption key
- A corresponding timestamp
- An optional encryption algorithm identifier
- An optional comment
These fields are separated by one or more blank characters. The first character of the comment is an asterisk. Rows are ordered in the data set by timestamp with the most recent timestamp first. The current key is the key in the first row. The format of the key data set row is:
<key value> <timestamp> <encryption algorithm id> <comment>
An example of the contents of a key data set follows:
X'0ABCDEF123456789FEDCBA000111111' 2009-11-23-12-00 *128 bit DES encryption
X'123456789ABCDEF1' 2009-08-23-11-10
X'723DE6789000DEF1' 2008-12-12-16-40 DES *64 bit DES encryption
X'723DE6789000DEF1723DE6789000DEF1' 2008-12-12-14-00 AES *128 bit AES encrypt
X'F1F2F3F4F5F6F7F8' 2008-01-01-12-00
X'123456789ABCDEF1' 2009-08-23-11-10
X'723DE6789000DEF1' 2008-12-12-16-40 DES *64 bit DES encryption
X'723DE6789000DEF1723DE6789000DEF1' 2008-12-12-14-00 AES *128 bit AES encrypt
X'F1F2F3F4F5F6F7F8' 2008-01-01-12-00
uses the contents of the key data set to determine a key value for encryption or decryption of image copies. The
COPY commands such as COPY TABLESPACE and COPY INDEXSPACE use the current key or the key in the first row of the key data set to encrypt image copies. If the timestamp in the first row is in the future,
sets the condition code to 4, issues a warning message, and creates plaintext image copies.
Encrypted image copies are registered in BMCXCOPY. As with SYSCOPY registration, BMCXCOPY registration includes a timestamp specifying when the copy was registered. The
COPY IMAGECOPY command, as well as
and Log Master, use this timestamp to find the correct key value in the key data set. For more information about the registration of encrypted copies, see Registration-for-plaintext-image-copies.
For example, if
selected an image copy for a recovery from BMCXCOPY with a timestamp of 2009-02-12-10.00, the encryption key and DES algorithm in the third row in the example key data set above is selected.
This section contains the following topics:
Related topics
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*