Optimization Mode for Data Set Copy

This chapter gives details and examples for how to optimize making a copy of an extended format encrypted and/or compressed format data set by using the bypass encryption interface and the bypass compression interface. The reason for your program to use these specialized interfaces might be:

You can get better performance because the access method is not decrypting, encrypting, decompressing or compressing data.
The person that submits the copying job, does not need to have security access to the key label. This improves security.
Your program can learn some of the metadata for the data set. Most programs do not need this capability.

If you allocate two data sets with identical attributes, including the key label, and you write identical data to each data set, the access methods encrypt differently in the two data sets.

If you write more than one identical copy of a record to an encrypted data set, the access method will encrypt each record differently. This maximizes security by preventing a program that bypasses security from detecting patterns. For example, if it was known that a certain field contains a date or a constant, a code-breaking program could detect patterns if it were always encrypted the same way.

If you use bypass mode to copy an encrypted data set to another data set with the same attributes, the result will be that the two data sets are encrypted identically. They are exact physical copies of each other.

Note: For z/OS 2.5, z/OS 3.1, these functions are available via OA63434: NEW FUNCTION. To learn whether these functions are available on the system on those releases, your program can test the DFABypassCmpEnc bit in the DFA, data facilities area. See Data Facilities Area (DFA) Fields.