FDRCAMS PRIVATEKEY Statement
PRIVATEKEY statement
A PRIVATEKEY statement is used to invoke RSA private key decryption for the actual encryption key used for all encrypted files created in this IDCAMS step. As described in detail in RSA Public/Private Key Encryption, RSA is a Public Key Algorithm (PKA) that uses a public key to encrypt and a private key to decrypt. RSA is not used to encrypt the data; rather, it is used to encrypt the actual key used to encrypt each file. RSA acts as a form of master key: at the receiving site, the private key is used to decrypt the actual key, which is then used to decrypt the data. If both an FDRCRYPT master key and an RSA public key were used during encryption of a file, either can be specified to decrypt it.
PRIVATEKEY statement syntax
Only one PRIVATEKEY statement is allowed in a given FDRCAMS step; the RSA private key is used for all encrypted files created in the step, so all encrypted files read in the step must have been encrypted with the matching public key.
FDRCAMS support for RSA requires that the IBM Integrated Cryptographic Service Facility (ICSF) software be configured and active. The RSA keys must be recorded in the ICSF Public Key Data Set (PKDS). See “RSA Public/Private Key Encryption” in FDRCRYPT-Techniques-and-Procedures for details.
PRIVATEKEY statement operands
LABEL=
label
Specifies the label (up to 64 printable characters) of the RSA private key as recorded in the ICSF PKDS. ICSF is invoked to decrypt the actual key with the RSA private key.
Note that an RSA key label with a length of 54 characters or more does not fit on one control statement. To specify a long key label, use this syntax:
PRIVATEKEY,
LABEL=longlabel