DFSMSdss uses TDES triple-length keys and 128-bit AES keys for host-based encryption. On a system with secure cryptographic hardware, you can use DFSMSdss to generate TDES and AES keys and encrypt them for protection through RSA public keys. On systems without secure cryptographic hardware, a password allows the generation of clear TDES and AES keys. The use of these cryptographic keys with DFSMSdss depends on the type of processor and the type of cryptographic hardware that you have installed.

RSA public and private keys for encryption can be stored in the ICSF Public Key Data Set (PKDS). These RSA keys are used by DFSMSdss to protect the symmetric keys that protect the data. You can use RACF® commands to store public/private keys.