With the exception of the volume label structure for the first file sequence, all data on a tape cartridge will be encrypted under the same data key. The volume label for the first file sequence (IBM standard tape label (SL) or ANSI standard label (AL)) will be encrypted using a key known to all encryption capable 3592 drives. Circumstances may arise where you no longer know what key encrypting keys (KEKs) were used to encrypt the data key that is stored on a tape cartridge. Without this knowledge, the externally encrypted data keys (EEDKs) cannot be unwrapped and without the data key, the data itself cannot be decrypted. To help with this situation, z/OS (during OPEN processing), will request that the drive use a key known to all encryption capable 3592 drives when writing all recognized volume label records (VOL1, HDR1, HDR2, and so on). Even though the volume label, for the first file sequence, is still encrypted on the tape cartridge, by using a key known to all encryption capable 3592 drives, the volume label information can be decrypted and returned without going through the Encryption Key Manager (for example, by using an existing utility such as DITTO). Knowing the volume label information can then help to determine what key labels were used. Perhaps you used a unique key label for a particular application or for a particular data set name. Having this information available enables the volume label information to be read while still protecting the encrypted data on the tape cartridge.