SYSFUN.SYSTS_ENCRYPT

Use the SYSFUN.SYSTS_ENCRYPT user-defined function that is supplied with Db2 for z/OS® to encrypt the passed value according to the text search server encryption method by using the input key.

You must use this user-defined function to encrypt a Db2 password that the text search server needs to connect to Db2.

Note:
  • The SYSFUN.SYSTS_ENCRYPT user defined function is incompatible with IBM® Semeru Runtime® for z/OS, version 11 or later, pending approval and availability of the FIPS 140-3 cryptographic module in these versions.

Syntax for SYSTS_ENCRYPT

Read syntax diagramSkip visual syntax diagramSYSFUN.SYSTS_ENCRYPT(originalValue ,key)

Description for SYSTS_ENCRYPT

The schema is SYSFUN.

Use this user-defined function to set the Db2 and the text search server passwords in the SYSIBMTS.SYSTEXTSERVERS table. Before invoking this user-defined function, store the key for the text search server encryption in the SERVERMASTERKEY column of the SYSIBMTS.SYSTEXTSERVERS table.

The SYSFUN.SYSTS_ENCRYPT function returns an encrypted version of the originalValue parameter value. The encryption is based on the key value that is provided as an additional input parameter. This function uses an encryption method that is shared with the text search server. Therefore, you can use this function to encrypt a password value for the DB2ENCRYPTEDPW column of the SYSIBMTS.SYSTEXTSERVERS administration table.

originalValue
Specifies the string that you want to encrypt.

The data type of this parameter is VARCHAR(32).

key
Specifies the key string that is used for encryption. A valid value must be retrieved from the text search server by using the Configuration Tool that is on the server.

The data type of this parameter is VARCHAR(36).

The function returns an encrypted version of the string as a variable-length string with a length attribute of 256.

Example 1

This example inserts a row with an encrypted password to the SYSIBMTS.SYSTEXTSERVERS table after a text search server is installed with the following features:
  • Name: 192.30.176.75
  • Listening to port 6007
  • Requiring the authentication token 'fdRNw+4=' for all service requests
  • Requiring the master key '55c1576b4de132dabdb28c10ce04ef36' for encrypting Db2 password information for the Db2 user ID that is in the SYSIBMTS.SYSTEXTCONNECTINFO table
Note: The literals that are used in this example are case-sensitive. Make sure that the environment that is used to run the SQL statements (for example, SPUFI) does not transform them to uppercase.
INSERT INTO SYSIBMTS.SYSTEXTSERVERS(SERVERNAME, 
                                    SERVERPORT, 
                                    SERVERAUTHTOKEN, 
                                    SERVERMASTERKEY, 
                                    DB2ENCRYPTEDPW) 
            VALUES ('192.30.176.75', 
                    6007, 
                    'fdRNw+4=', 
                    '55c1576b4de132dabdb28c10ce04ef36', 
                    SYSFUN.SYSTS_ENCRYPT('myDb2Pw',
                                         '55c1576b4de132dabdb28c10ce04ef36'))

Example 2

The following example updates the password information in the SYSIBMTS.SYSTEXTSERVERS table after the password for the Db2 user ID in the SYSIBMTS.SYSTEXTCONNECTINFO table has been changed to 'newDB2pw':
UPDATE SYSIBMTS.SYSTEXTSERVERS SET 
        DB2ENCRYPTEDPW = SYSFUN.SYSTS_ENCRYPT('newDB2pw', SERVERMASTERKEY)