Verifying IBM Global Security Kit (GSKit) installation and configuration

For the encryption of Db2® data, both at rest and in transit, the IBM® Global Security Kit (GSKit) must be correctly installed and configured.

Procedure

  1. Verify that IBM Global Security Kit (GSKit) is installed:
    Linux and UNIX operating systems
    • On Linux and UNIX operating systems, the Db2 installer installs GSKit locally. For a Db2 server instance, the IBM Global Security Kit (GSKit) libraries are located in sqllib/lib64/gskit. For a Db2 client instance, the GSKit libraries are located in sqllib/lib32/icc or sqllib/lib64/icc.
    • If a global copy of IBM Global Security Kit (GSKit) exists (for example, in /usr/lib on Linux or UNIX) keep the global copy of IBM Global Security Kit (GSKit) and the copies of IBM Global Security Kit (GSKit) installed by the Db2 installer at the same version level.
    Windows operating systems
    On Windows operating systems, a Db2 server installation installs GSKit globally. The GSKit libraries are located in C:\Program Files\IBM\gsk8\lib64. For a Db2 client instance on windows, the GSKit libraries are installed locally and are located in sqllib\lib\icc or sqllib\lib64\icc.
  2. Verify that the path to the IBM Global Security Kit (GSKit) libraries is set in the appropriate environment variable for your operating system:
    Table 1. Environment variable settings for IBM Global Security Kit (GSKit) libraries on Linux, UNIX, and Windows operating systems
    Operating system Location of IBM Global Security Kit (GSKit) libraries Environment variable setting
    Linux® and UNIX 32-bit $INSTHOME/sqllib/lib32/icc Include $INSTHOME/sqllib/lib32/icc in the LD_LIBRARY_PATH, LIBPATH, or SHLIB_PATH environment variable.
    Linux and UNIX 64-bit Server: $INSTHOME/sqllib/lib64/gskit
    Client: $INSTHOME/sqllib/lib64/icc
    		 Include the required path in the $LD_LIBRARY_PATH, $LIBPATH, or $SHLIB_PATH environment variable.
    Windows 32-bit %DB2PATH%\lib\icc Include %DB2PATH%\lib\icc in the PATH environment variable.
    Windows 64-bit Server: C:\Program Files\IBM\gsk8\lib64
    Client: %DB2PATH%\lib64\icc or   %DB2PATH%\lib\icc
    		 Include the required path in the %PATH% environment variable.
    Note: On the client side of Db2, you can configure Db2 to load either the local or global version of IBM Global Security Kit (GSKit), through the ClientGSKitLocation parameter. This parameter is located in both the db2dsdriver.cfg configuration file and the db2cli.ini initialization file. For more information, see ClientGSKitLocation CLI/ODBC and IBM data server driver configuration keyword.
    Note: Each Db2 version is tested with a specific GSKit version. If a global version of GSKit is installed, it must be maintained at the version provided with Db2 to ensure compatibility. Using a global GSKit version older than the one shipped with Db2 is not supported.