z/OS Security and PKI services
z/OS Security and PKI services
z/OS Security and PKI services
- No tags were found...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
EnvironmentDB2 V8 EngineSQL orUtility( Batch Job )DataEncryption( EDITPROC )z/<strong>OS</strong> 1.4+ with Features (*)Hardware CryptoFeature:- CEXC2 (z9-109)- PCXICC ( z990 )- CCF ( z900 )ICSF ServiceDB2TableDB2TableNo ENCRYPTIONCaseENCRYPTIONCase• IBM zSeries Processors ( z9-109, z990, z890, z900 )► Hardware Cryptographic Features which supports “Secure Key” (clear key with PQ94822 + PQ93943)● z9-109 : CEX2CC● z990 : PCIXCC● Z900 : CCF• IBM z/<strong>OS</strong> V1R4+ with following Features (*) installed;► z990 <strong>and</strong> z890 Enhancements to Cryptographic Support► z/<strong>OS</strong> V1R4 z990 Exploitation Support• IBM Middleware Products;► DB2 for z/<strong>OS</strong> Version 6 or higher► IMS, Version 6 or higherz9-109, z990 or z900 LPARDisks3007.04.2006 IBM SystemsInstallation Steps• Set up <strong>and</strong> validate crypto hardware► Validate? If from ICSF menu, Utility option for R<strong>and</strong>om Number works, ICSF <strong>and</strong> secure crypto hardwareworks● Clear key support with APAR PQ94822 + PQ93943• Generate <strong>and</strong> then store (in the CKDS) a triple DES encryption key for use► Use ICSF Key Generation Utility Program, KGUP► Read ICSF Administrator's Guide• Build the IMS or DB2 user exit, specifying the key name defined in step above• Back up your data• Unload your data• Create/install the exit• Reload the data, during which process the data is encrypted• Validate your output3107.04.2006 IBM Systems