Question & Answer
Question
If using BRMS for remote restore, you need to bring a translated file over from the remote file to be able to restore encrypted data. To set that up, perform the following:
Answer
If using BRMS for remote restore, you need to bring a translated file over from the remote file to be able to restore encrypted data. To set that up, perform the following:
Note: These instructions are not for a Disaster Recovery situation.
| 1. | Set up a temporary master key on BOTH systems by loading and setting an unused master key with identical pass phrases. Make sure the temporary key being used is available to use on both systems with the following: CHKMSTKVV MSTKEY(3) VERSION(*CURRENT) (You should get Version 1 of master key 3 is not set.) On both System A and System B: ADDMSTPART MSTKEY(3) PASSPHRASE('mytransferkey') followed by: SETMSTKEY MSTKEY(3) |
| 2. | On the source system, create a duplicate of the keystore file (for example, using the CRTDUPOBJ CL command). On System A: CRTDUPOBJ OBJ(Q1AKEYFILE) FROMLIB(QUSRBRM) OBJTYPE(*FILE) + TOLIB(QUSRBRM) NEWOBJ(BRMTRANSF) ASPDEV(*) TOASPDEV(*ASPDEV) + DATA(*YES) CST(*YES) TRG(*YES) FILEID(*NO) |
| 3. | Translate the duplicated keystore file to the temporary master key. On System A: TRNCKMKSF KEYSTORE(QUSRBRM/BRMTRANSF) MSTKEY(3) ... use the same master key number as step 1 |
| 4. | Move the new duplicated keystore file to the target system. On System A: Create a save file and save the object BRMTRANSF from library QUSRBRM into it. FTP the save file to System B On System B: Restore the object BRMTRANSF to QUSRBRM from the save file |
| 5. | On the target system B, Translate the keystore file to another master key. Preferably you can use the master key that is used for QUSRBRM/Q1AKEYFILE on the target system... to determine the MSTKEY: DSPCKMKSFE KEYSTORE(QUSRBRM/Q1AKEYFILE) RCDLBL(xxxxxxxxxxx) To translate the transferred keystore file: TRNCKMKSF KEYSTORE(QUSRBRM/BRMTRANSF) MSTKEY(x) |
| 6. | When restoring a saved item using STRRCYBRM/WRKMEDIBRM/WRKOBJBRM/WRKLNKBRM FROMSYS( ) change the command defaults (F9) for the keystore file and keystore library to QUSRBRM/BRMTRANSF After the restore is complete ... you can clean up the temporary objects used: 1. Delete the translated keystore file from the source system. (You still have the original keystore file.) On System A: DLTF QUSRBRM/BRMTRANSF 2. Clear the temporary master key on both systems. On System A and System B: CLRMSTKEY MSTKEY(3) VERSION(*CURRENT) |
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.1.0"}]
Was this topic helpful?
Document Information
Modified date:
18 December 2019
UID
nas8N1019796