Encrypting and Decrypting with the IGGENC Macro

When you bypass the access methods, you can use the IGGENC macro to encrypt and decrypt data such that the result is compatible with how the access methods encrypt records. This section describes how to use IGGENC with basic format and large format data sets that are SMS-managed. Data set encryption is described further in z/OS DFSMS Using Data Sets.

Encryption and decryption require the functions of Integrated Cryptographic Service Facility (ICSF). One of the ICSF functions is to manage access to your encryption key. You can use a cryptographic service such as ICSF to generate a random encryption key, but you cannot see the key itself. Instead, you provide a name for the key, called a "key label", and you refer to the key by that name. The key label is not a secret, but the key it names is a secret, even from the owner of the key.

Your program can test the DFASEQENCRYPT bit in the DFA to determine whether the IGGENC function is installed and functional. See the IHADFA mapping macro. If the basic cryptographic facility is not functional, IGGENC returns a reason code whose two low-order bytes are X'611' or X'081x'. See Table 10.

These are the functions that you can perform with the IGGENC macro:
  • Connect to the encryption function.
  • Encrypt or decrypt one or more blocks of data. These require that your program either call the connect function first or open an encrypted basic or large format data set.
  • Disconnect from the encryption function.