The SecureKeysOnly Attribute and Securing Keys Globally

To secure keys globally, set the SecureKeysOnly attribute to Y in the StartupOptions section. With this setting, every symmetric key definition in parmlib must specify an algorithm that ICSF supports with secure keys.

When using the Y option globally, do not specify algorithms in parmlib that ICSF supports only with clear keys. As of ICSF HCR7731, AES is supported only with clear keys, so AES keys are not allowed when this option is set. The exception to this rule is the CLEAR algorithm: keys using CLEAR are allowed. The CLEAR algorithm is used to test your CA Tape Encryption subsystem; it does not actually perform any encryption of data and does not involve either secure or clear keys.

SecureKeysOnly=N is the default for the SecureKeysOnly attribute and results in normal routing to CPACF on z890, z990, and z9 processors.

Note: For more information about the SecureKeysOnly attribute and other CA Tape Encryption attributes, see the Configuration Guide.