|
|
|
You can secure keys selectively when the SecureKeysOnly attribute in the StartupOptions is set to K and the symmetric key attribute of each symmetric key is defined with the SecureKeysOnly attribute set to Y.
SecureKeysOnly=K is not valid when specified as an attribute of a symmetric key section. This setting is only valid in the StartupOptions attribute section.
SecureKeysOnly=N is the default for the SecureKeysOnly attribute and results in normal routing to CPACF on z890, z990, and z9 processors.
As of HCR7731, ICSF only supports clear keys for the AES algorithm. Therefore, CA Tape Encryption does not support specifying SecureKeysOnly=Y for an AES key definition. The SecureKeysOnly attribute is ignored for keys defined with the CLEAR algorithm.
Note: For more information about the SecureKeysOnly attribute and other CA Tape Encryption attributes, see the Configuration Guide.
| Copyright © 2011 CA. All rights reserved. | Tell Technical Publications how we can improve this information |