Decipher Using System Keys: Example 7
In this example, the enciphered data set produced by the job in Encipher Using System Keys: Example 6 is deciphered, using a VSAM relative
record data set as the target for the plaintext (deciphered) data.
The empty slots in the original data set are reestablished. Keys are
managed by the Programmed Cryptographic Facility or the Cryptographic
Support Unit.
//DESYS JOB ...
//STEP2 EXEC PGM=IDCAMS
//CRYPT DD DSN=RRDSEN,LABEL=(1,SL),DISP=OLD,
// UNIT=3480,VOL=SER=TAPE01,
// DCB=DEN=3
//CLEAR DD DSN=RRDS2,DISP=SHR
//SYSPRINT DD SYSOUT=A
//SYSIN DD *
REPRO -
INFILE(CRYPT) -
OUTFILE(CLEAR) -
DECIPHER -
(SYSTEMKEY -
SYSTEMKEYNAME(BKEY27))
/*
Job control language statements:
- CRYPT DD describes and allocates the magnetic tape containing the enciphered data.
- CLEAR DD describes the relative record data set.
The REPRO command copies and deciphers the enciphered data set from the source tape to the target data set RRDS2. The enciphered data encrypting key is obtained from the header of the source data set. Use the internal file key (BKEY27) to decipher the enciphered data encrypting key that is then used to decipher the data. The parameters of the REPRO command are:
- INFILE points to the CRYPT DD statement, identifying the tape containing the enciphered source data.
- OUTFILE points to the CLEAR DD statement, identifying the data set to contain the deciphered data, RRDS2. The defined record size must be the same as that of the original relative record data set.
- DECIPHER indicates that the source data set is to be deciphered as it is copied to the target data set.
- SYSTEMKEY indicates that keys are managed by the Program Cryptographic Facility, the Cryptographic Unit Support, or the z/OS® Integrated Cryptographic Service Facility.
- SYSTEMKEYNAME supplies the key name, BKEY27, of the internal file key that was used to encipher the system data encrypting key. The file key must be an internal file key in this system.