DBUTLTY provides a report of encryption information, including any basic encryption key information and the tables that are encrypted. The report is requested by the REPORT function with the keywords AREA=CXX and TYPE=K. The report is available to all users. It starts with the full CXX information that is also provided by a REPORT AREA=CXX without a DBID keyword and with either no TYPE= keyword or TYPE=B. The known encryption information follows. That encryption information is not considered a secret. Having this special report allows you to externally secure the use of this DBUTLTY function.
Note: For DBUTLTY External Security, REPORT AREA=CXX,TYPE=K uses REPORT.ENCRYPT with no table rights.
The DBUTLTY BACKUP AREA=CXX function backs up the encryption information stored in the CXX. The information is restored to the CXX by either the LOAD AREA=CXX function or the CXXCLONE function when the DBID option is not specified. The DBUTLTY functions LOAD AREA=CXX and CXXCLONE restore the encryption key information to a CXX only when no DBID is provided, that is, when the entire CXX is restored.
Following is a sample report. For an example of the report header, see Sample Report Headers.
REPORT AREA=CXX,TYPE=K
CONTROL AREA DIRECTORY
DBCRBAS REQUIREMENT (ALL BASES OPEN) - 53,360
CXX ENQ - LOCAL
NUMBER OF DATA BASES - 24
DATA HIGH USED MARK - NO
DEVICE TYPE - 3390
DATASET EXTENT VALIDATION - NO
DYNAMIC FILE ALLOCATION ALLOWED - YES
DATA FAST SEARCH - NO
SECURE USING JOBNAME - NO
CXX LEVEL - 1
SECURE ALLOWING SINGLE USER - NO
SINGLE USER ALLOWED - YES
SQL MODE - SUPPORT ACTIVE - NO
SIMPLIFY MODE - YES
DATADICTIONARY BASE - 0
DATA DEFINITION DIRECTORY BASE - 0
ENCRYPTION HARDWARE SUPPORT - A(AES-128)=Y B(AES-192)=Y C(AES-256)=Y
ENCRYPTION INFORMATION - BASIC KEY - NOT USED KEY 2 - NOT USED
DBID TABLE TYPE METHOD
0789 C01 B(BASIC) A(AES128)
0789 C02 B(BASIC) B(AES192)
Following is another example.
ENCRYPTION INFORMATION - BASIC KEY 1 - 041537850CEFFEDB6044E27F4A723139576293FF08E2772B4BFDAC9B7B4F1B16 ccyy/mm/dd
The fields in the examples just shown are defined as follows:
The ENCRYPTION HARDWARE SUPPORT line in the TYPE=K report tells whether the hardware running the report supports the A, B, or C options. Attempts to use encryption without this support cannot be successful.
The ENCRYPTION INFORMATION - BASIC section in the TYPE=K report tells the current KEY 1 value. It is set using the DBUTLTY function ENCRYPT with OPTION=SET_BASIC_KEY_1. If the key has not been set, it is reported as NOT USED. If the key has been set, the date it was last set is reported.
Note: This is not the actual key being used but the external form of the key.
The following section provides information about every table in the CXX that has encryption defined. But because the section only reflects encrypted tables, if none exist the section does not exist. When it does exist, however, it provides the DBID and table name with encryption. It also provides the type of encryption and method of encryption.
Note: Tables that are in history status and those not in history status are listed (for a description of history status, see the full CXX report example).
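The following added example (not part of the original documentation or the product) parses the encryption section of a TYPE=K report and lists tables whose encryption method option is not reported as supported by the hardware. It assumes the report text has been saved with one item per line; the sample text and the function names parse_type_k and unsupported_tables are constructed for illustration.

```python
import re

# Constructed sample: encryption section of a TYPE=K report, one item per
# line (assumed layout). C=N and the C(AES256) row are made up for the check.
SAMPLE_REPORT = """\
ENCRYPTION HARDWARE SUPPORT - A(AES-128)=Y B(AES-192)=Y C(AES-256)=N
ENCRYPTION INFORMATION - BASIC
KEY 1 - NOT USED
DBID TABLE TYPE METHOD
0789 C01 B(BASIC) A(AES128)
0789 C02 B(BASIC) C(AES256)
"""

HW_RE = re.compile(r"([ABC])\(AES-\d+\)=([YN])")
KEY_RE = re.compile(r"KEY (\d) - (NOT USED|[0-9A-F]{64})")
ROW_RE = re.compile(r"^(\d{4}) (\S+) ([A-Z])\(\w+\) ([ABC])\(AES\d+\)$")


def parse_type_k(text):
    """Return hardware support flags, key status and encrypted tables."""
    report = {"hardware": {}, "keys": {}, "tables": []}
    for line in text.splitlines():
        line = " ".join(line.split())  # collapse report column padding
        if line.startswith("ENCRYPTION HARDWARE SUPPORT"):
            report["hardware"] = {o: f == "Y" for o, f in HW_RE.findall(line)}
        elif (row := ROW_RE.match(line)):
            dbid, table, enc_type, method = row.groups()
            report["tables"].append(
                {"dbid": dbid, "table": table, "type": enc_type, "method": method})
        else:
            for number, value in KEY_RE.findall(line):
                # None means the report showed NOT USED for this key.
                report["keys"][number] = None if value == "NOT USED" else value
    return report


def unsupported_tables(report):
    """Tables whose method option is not reported =Y by the hardware line."""
    return [(t["dbid"], t["table"], t["method"]) for t in report["tables"]
            if not report["hardware"].get(t["method"], False)]


if __name__ == "__main__":
    parsed = parse_type_k(SAMPLE_REPORT)
    print("KEY 1 set:", parsed["keys"].get("1") is not None)
    for dbid, table, method in unsupported_tables(parsed):
        print(f"DBID {dbid} table {table}: method {method} lacks hardware support")
```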
The table information relating to encryption is provided as part of a full REPORT AREA=CXX without TYPE=A. An example of the changed lines follows:
TABLE NAME - C01
. RECOVER - YES ENCRYPTION - NONE LOGGING - YES PIPELINE - YES
TABLE NAME - C02
. RECOVER - YES ENCRYPTION - B(BASIC) A(AES128) LOGGING - YES PIPELINE - YES
TABLE NAME - F01
. RECOVER - YES ENCRYPTION - B(BASIC) B(AES192) LOGGING - YES PIPELINE - YES
Copyright © 2015 CA Technologies.
All rights reserved.