Encipher Using System Keys: Example 6

In this example, an enciphered copy of part of a VSAM relative record data set is produced using a tape as output. The enciphered data set is deciphered at a remote installation. The keys are managed by the Programmed Cryptographic Facility, the Cryptographic Unit Support, or the z/OS® Integrated Cryptographic Service Facility. 
//ENSYS    JOB    ...
//STEP1    EXEC PGM=IDCAMS
//CLEAR    DD   DSN=RRDS1,DISP=SHR
//CRYPT    DD   DSN=RRDSEN,LABEL=(1,SL),DISP=NEW,
//              UNIT=3480,VOL=SER=TAPE01,
//              DCB=(DEN=3,RECFM=FB,LRECL=516,BLKSIZE=5160)
//SYSPRINT DD   SYSOUT=A
//SYSIN    DD   *
     REPRO -
           INFILE(CLEAR) -
           OUTFILE(CRYPT) -
           COUNT(50) -
           ENCIPHER -
             (EXTERNALKEYNAME(AKEY27) -
              STOREDATAKEY -
              CIPHERUNIT(4) -
              USERDATA(CONF))
/*
Job control language statements:
  • CLEAR DD describes the relative record data set.
  • CRYPT DD describes and allocates a magnetic tape file. LRECL is the relative record data set record size plus 4.

    The REPRO command copies 50 records enciphered from a generated data encrypting key, from the source data set, RRDS1, to the output tape. The source records are enciphered in units of 4 records, except for the last 2 records, which are enciphered together. The enciphered data encrypting key is stored in the header of the target data set; therefore, REPRO will not list the key name or enciphered data encrypting key in SYSPRINT. The parameters of the command are:

  • INFILE points to the CLEAR DD statement identifying the source data set to be enciphered, RRDS1.
  • OUTFILE points to the CRYPT DD statement, identifying the target data set on tape.
  • COUNT indicates that 50 records are to be copied.
  • ENCIPHER indicates that the target data set is to contain an enciphered copy of the source data set.
  • EXTERNALKEYNAME supplies the name, AKEY27, of the external file key to be used to encipher the data encrypting key.
  • STOREDATAKEY indicates that the data encrypting key enciphered under the secondary file key is to be stored in the header of the target data set.
  • CIPHERUNIT indicates that 4 source records at a time are to be enciphered as a unit.
  • USERDATA specifies a character string, CONF, to be stored in the header of the target data set as user data.
Parent topic: REPRO Examples