Decrypting your data

Edit online

There are two methods available to read or restore tape data that was previously encrypted.

  1. If the products and applications used for software tape encryption are installed on your partition, your tape management application can specify the encryption keystore file and record label information for each file that is to be decrypted.
  2. Use a decryption data area to specify the encryption keystore file and record label information to be used to decrypt your tapes. The data area must be named QTADECRYPT and can be created in either library QTEMP or QUSRSYS. The data area must provide the following information
    • Char(10) Device name (Decryption will only be run for tapes in this device)
    • Char(10) Encryption keystore file name
    • Char(10) Encryption keystore library
    • Char(32) Encryption record label
    Here is an example of how to create a decryption data area in QTEMP: 
    1. CRTDTAARA DTAARA(QTEMP/QTADECRYPT) TYPE(*CHAR) LEN(62)
    2. CHGDTAARA DTAARA(QTEMP/QTADECRYPT) VALUE('TAPMLB01  KEYFILE   KEYLIB') 
    3. CHGDTAARA DTAARA(QTEMP/QTADECRYPT (31 32)) VALUE('RECORD1')
Note:
  • The data area values can be overridden by a tape management application.
  • The encryption key type must be AES.