Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Encrypting the secured signon application key z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
You can encrypt the secured signon application keys when a common cryptographic architecture (CCA) cryptographic product is installed on the systems where the secured signon function is installed. Using a cryptographic product ensures the maximum possible security for the secured signon application keys. With a cryptographic product, RACF® can store the keys on the RACF database in a form in which they are encrypted under the cryptographic product's master key. RACF uses the functions of the cryptographic product to ensure that the encrypted keys do not exist in clear-text form within system main storage for RACF processing, except when they are being defined. Therefore, if a system storage dump occurs, they are not exposed in the dump. If you are sharing a RACF database:
When using the secured signon facilities with encryption,
the following Integrated Cryptographic Service Facility (ICSF) modules
must be installed as follows so they can be accessed by RACF.
To encrypt the secured signon application key when you define or alter it, use the SSIGNON operand and KEYENCRYPTED value with the RDEFINE or RALTER command. |
Copyright IBM Corporation 1990, 2014
|