Using PASSWORD and RSA options
PASSWORD and RSA options for the encrypted data depend on the processor and cryptographic hardware that you have installed. Base your decisions on the security requirements of the data and on your available hardware.
PASSWORD option
Generally, if you do not have secure cryptographic hardware installed, you can specify the PASSWORD keyword. Passwords are case sensitive.
RSA option
Consider using the RSA keyword that makes use of public/private keys for encryption and the exchange of digital certificates. You specify the label of the public key that is stored in the ICSF PKDS on the RSA option when you encrypt the data. The corresponding RSA private key must be present at the recovery site when you decipher the data. A recipient on another site can decrypt the data through the private key that is specified on the RSA option for CSDFILDE. Optionally, the recipient can decrypt the data through the private key that is specified by the –keyStoreCertificateAlias argument on the Java-based Client of the Encryption Facility for z/OS Client; see Using RSA keys and certificates. You can specify multiple RSA keys as input.
RSA private tokens
| RSA private key token (internal) | Required cryptographic hardware |
|---|---|
| RSA private key token 1024 Modulus-Exponent Internal form | One of the following:
|
| RSA private key token 1024 Chinese Remainder Theorem Internal form | One of the following:
|
| RSA private key token 2048 Chinese Remainder Theorem Internal form | One of the following:
|