FDRCRYPT Testing Checklist

Here is a checklist of implementation steps for testing FDRCRYPT:

For testing, FDRCRYPT can be loaded into a separate load library from your production FDR.

The load library must be APF authorized. See Authorize-the-FDR-Programs.

Use a STEPLIB for all FDRCRYPT tests.

When you are ready to use FDRCRYPT in production, install it into your production FDR libraries. Be sure to set any FDRCRYPT options you set during testing as shown below.

If you have set any options in the FDR Global Options for your production FDR, you must copy those options to the FDRCRYPT test load library; otherwise, your tests may not run correctly. To do so:

Allocate and format an FDRCRYPT Encryption Keyfile. See the examples in FDRCRYFM-Utility.

Set the data set name of the Encryption Keyfile as the default with:

FDRCRYPT does not currently support RTC=YES. You must remove this operand from any FDR step that tests FDRCRYPT.

To create FDRCRYPT tests, add the ENCRYPT= operand (and optionally the ENCRYPTTYPE= operand) to the DUMP statement in any FDR or FDRABR backup step. You also need to add an FDRCRYPT DD statement to those DUMP steps, containing ENCRYPT statements unless you intend to let FDRCRYPT generate all encryption keys. All of these operands and statements are described in:

• DUMP-COPY-Operands-for-Encryption
• KEYFILE-Statement
• ENCRYPT-Statement
• DECRYPT-Statement

Examples are shown in:

• FDRCRYPT-Dump-Examples
• FDRCRYPT-RESTORE-Examples
• FDRCRYPT-Tape-Copy-Examples
• FDRCRYPT-Encryption-Keyfile-Backup-and-Restore

If you use FDRINSTANT, you do not need to change the SPLIT, PSPLIT, SNAP, or FCOPY steps; they are not involved in encryption. Only the DUMP steps must be modified.

To test restores from encrypted backups, just run your normal restore jobs. You do not need an FDRCRYPT DD statement unless you wish to test restore without using the Encryption Keyfile or restore using a master key. Examples are shown in FDRCRYPT-RESTORE-Examples.