FDRCAMS KEYFILE Statement
KEYFILE statement
The optional KEYFILE statement specifies the data set name (and optionally the volume serial) of the Encryption Keyfile to be used by FDRCAMS. The default is a cataloged Encryption Keyfile name specified in the FDR Global Options (option KEYFILE). If present, code this statement as the first statement in the FDRCRYPT input.
KEYFILE statement syntax
KEYFILE | DSN=dsn |
|---|---|
,VOL=vol |
For FDRCAMS encryptions, a record describing the encrypted file and its key is written in the Encryption Keyfile, similar to the way that FDRCRYPT backups are recorded. For FDRCAMS decryptions, if the Encryption Keyfile is available, the decryption key is extracted from the Encryption Keyfile automatically. If the Encryption Keyfile is not available, then specify DSN=NULLFILE on the KEYFILE statement to bypass allocating the Encryption Keyfile.
For FDRDECRY decryption and encryption, a Encryption Keyfile is normally not used and automatically defaults to DSN=NULLFILE.
When FDRCAMS is used to exchange encrypted files with other sites, the Encryption Keyfile is usually not transmitted to the other site. On-site, it is used to record information about the encrypted file, and the actual encryption key can be displayed by an authorized user (see the FDRCRYFM documentation in FDRCRYFM-Utility) but it is not used at the receiving site. At the receiving site, either the actual key, master key, or RSA private key must be specified to decrypt the file.
KEYFILE statement operands
DSN=
The fully-qualified data set name of the Encryption Keyfile to be used by this FDRCAMS step (up to 44 characters). If VOL= is not specified on the KEYFILE statement, this data set must be cataloged.
For decryption, DSN=NULLFILE can be specified, in which case FDRCAMS does not attempt to access any Encryption Keyfile. In this case, the required encryption keys or master/private keys must be specified. If DSN=NULLFILE is omitted, the Encryption Keyfile specified in the FDR Global Options is allocated and opened, even if it is not needed; if it cannot be located, an error occurs.
Default: The default is obtained from the FDR Global Options (see FDRCRYPT-Key-Management). However, for PGM=FDRDECRY it defaults to DSN=NULLFILE and a Encryption Keyfile is not used for either decryption or encryption.
VOL=
The volume serial of the Encryption Keyfile named by DSN=, if it is not cataloged.
Default: The volume serial number is obtained from the system catalog