If the system using the secured signon function does not use a cryptographic product, RACF® masks the key with a proprietary masking algorithm when you define or alter it. The masking algorithm that masks the secured signon application keys while they reside in the RACF database is an IBM® proprietary algorithm. It is designed to provide protection against casual viewing of the secured signon masked keys. The algorithm is not a cryptographic algorithm and cannot provide the level of security for the secured signon application keys that the use of cryptography can provide.

To mask the secured signon application key when you define or alter it, use the SSIGNON operand and KEYMASKED value with the RDEFINE or RALTER command.