FDRCRYFM Utility

The FDRCRYFM utility is used to format and manage FDRCRYPT Encryption Keyfiles. Functions include: initializing an Encryption Keyfile, backing up and restoring an Encryption Keyfile, displaying Encryption Keyfile contents, deleting obsolete records, and reorganizing an Encryption Keyfile.

FDRCRYFM may also support other functions that are not documented here. For a complete description, execute FDRCRYFM with a control statement of HELP ALL.

FDRCRYFM JCL statements

Use the following JCL for FDRCRYFM:

EXEC statement

Specifies the program name (PGM=FDRCRYFM), region requirement (REGION=), and optional PARM= operand. Because the region requirements of FDRCRYFM may vary depending on the operation being performed, it is recommended that you specify REGION=0M to get the largest possible below-the-line region.

If a PARM field is specified, FDRCRYFM uses the data specified as the first control statement, which must be a valid FDRCRYFM statement. For example,

//FORMAT EXEC PGM=FDRCRYFM,PARM='FORMAT RECS=5000'

STEPLIB or JOBLIB DD statement

If FDR is not in the system link list (LNKLST), specifies the program library in which FDRCRYFM resides. The library must be APF authorized.

ENCRYPT DD statement

Specifies the FDRCRYPT Encryption Keyfile to be processed; it must be on DASD. Do not specify DCB parameters. If creating a new Encryption Keyfile, a SPACE= parameter with secondary allocation and RLSE are supported and recommended. Estimate the number of encrypted backups that need to be recorded and calculate the tracks required, figuring on 348 backups per track on a 3390 DASD. The Encryption Keyfile does not take secondary allocations once it has been formatted. Protect this Encryption Keyfile by a data set profile in your security system; if it is not, you are able to format and report on it but keys are never displayed in a report.

FDRCRYFM control statements

Supported control statements are FORMAT, DUMP, RESTORE, DELETE, REORG, and REPORT.

SYSIN DD statement

Specifies the control statement data set, usually an input stream or DD * data set. It can be omitted if the only control statement is specified by PARM= on the EXEC statement.

SYSPRINT DD statement

Specifies the output message data set. This is a required DD statement and usually is a SYSOUT data set

SYSUDUMP DD statement

Specifies the abend dump data set. Usually specifies a SYSOUT data set. Although not required, we strongly urge you to always include this DD statement, so that we can help you diagnose error conditions. If you have a debugging aid product on your system that prevents the desired dump, add the appropriate one of these statements to the JCL so that a fully-formatted dump is produced.

//ABNLDUMP DD DUMMY Print normal IBM dump in addition to the Abend-AID Report //CAOESTOP DD DUMMY Turn off CA OPT II & CA SYMDUMP //DMBENAN DD DUMMY Turn off DumpMaster //ESPYIBM DD DUMMY Turn off Eye-Spy //IDIOFF DD DUMMY Turn off IBM Fault Analyzer

TAPE1 DD statement

Specifies the file to be used for the backup copy of the Encryption Keyfile. This DD statement is used to output the backup copy of the Encryption Keyfile if the DUMP or REORG statements are executed. It is used to input a backup copy of the Encryption Keyfile if the RESTORE statement is executed. It is not required for other functions.

Although TAPE1 could be a temporary data set for a REORG operation, it is recommended that you make it a permanent data set and retain it for some time after the REORG, in case required records are inadvertently removed by the REORG.

Important

TAPE1 must point to a tape device unless the DUMPDEVICE=DISK operand is specified.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*