Encipher Using Private Keys: Example 8
In this example, an enciphered copy of a SAM data set is produced
by using an entry-sequenced data set as the target data set. The enciphered data
set resides on a volume that is to be stored offline at the local
installation. Each record in the target data set is enciphered separately,
using a data encrypting key supplied by the user with a data encrypting
key data set. Keys are managed privately by the user.
//ENPRI JOB ...
//STEP1 EXEC PGM=IDCAMS
//CLEAR DD DSN=SAMDS1,DISP=OLD,
// VOL=SER=VOL005,UNIT=DISK
//CRYPT DD DSN=ESDS1,DISP=OLD
//KEYIN DD *
X'53467568503A7C29'
/*
//SYSPRINT DD SYSOUT=A
//SYSIN DD *
REPRO -
INFILE(CLEAR) -
OUTFILE(CRYPT) -
REUSE -
ENCIPHER -
(PRIVATEKEY -
DATAKEYFILE(KEYIN))
/*
Job control language statements:
- CLEAR DD describes the SAM data set.
- CRYPT DD describes the entry-sequenced data set.
- KEYIN DD describes the data encrypting key data set consisting of a single record containing the data encrypting key.
The REPRO command copies all records enciphered under the supplied
data encrypting key, from the source data set, SAMDS1, to the target
data set, ESDS1. The plaintext private data encrypting keys is not
listed on SYSPRINT, because the user manages the key. The parameters
of the REPRO command are:
- INFILE points to the CLEAR DD statement, identifying the source data set to be enciphered, SAMDS1.
- OUTFILE points to the CRYPT DD statement, identifying the target data set, ESDS1. The defined maximum record size of the entry-sequenced data set must be large enough to accommodate the largest SAM record.
- REUSE indicates that the target data set is to be opened as a reusable data set. If the data set was defined as REUSE, it is reset to empty; otherwise, the REPRO command will end.
- ENCIPHER indicates that the target data set is to contain an enciphered copy of the source data set.
- PRIVATEKEY indicates that the key is to be managed by the user.
- DATAKEYFILE points to the KEYIN DD statement that supplies the plaintext data encrypting key, X'53467568503A7C29', to be used to encipher the data.