How Code Books Work for Encrypting B2B Tapes
Code books are used to encrypt data files in z/OS environments and to decrypt these files in non-z/OS environments. The following points outline how code books work:
- Code books are rebuilt based on the REBUILD attribute that you code in parmlib for each code book you define.
- Each time a code book is rebuilt, the instance of the code book that was current prior to the rebuild operation is placed on a queue where it remains for 90 days.
- The new code book is rebuilt with a new set of random values, which becomes the new current code book. Only the current instance of a code book is used to encrypt new data.
- A code book is selected at tape creation time based on information in the DFSMS data class description field or the security protection profiles in your security system.
- Code books are defined to CA Tape Encryption on the z/OS platform by attributes specified in parmlib.
- Code books are activated by either entering the REFRESH=CODEBOOKS command or by restarting your BES subsystem.
- For each tape file to be encrypted, CA Tape Encryption randomly selects elements from the current code book array of the specified code book stored in the BES database. It uses these elements to form a symmetric key that is appropriate for the data encryption algorithm specified in the DFSMS data class definition or in the security protection profiles of your security system.
- An ID that uniquely identifies the current code book and code book array, along with information identifying the elements of the array that form the symmetric key, is placed on the tape in the user header labels of the file being encrypted.
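
The following Python sketch is an added conceptual model of the key selection and rebuild behavior described above; it is not CA Tape Encryption code. The element size, array length, ID format, class and method names, and the use of concatenation to combine elements into a key are all assumptions made for illustration, and the 90-day aging of queued instances is not modeled.

```python
import secrets

ELEMENT_SIZE = 8   # assumption: bytes per code book element
ARRAY_LEN = 256    # assumption: elements per code book array

class CodeBook:
    """Conceptual model of one named code book and its instances."""

    def __init__(self, name):
        self.name = name
        self.generation = 0
        self.queued = {}        # prior instances, kept so older tapes still decrypt
        self.current_id = None
        self.current = None
        self.rebuild()

    def rebuild(self):
        """Queue the current instance and generate a new random array."""
        if self.current is not None:
            self.queued[self.current_id] = self.current
        self.generation += 1
        self.current_id = f"{self.name}#{self.generation:04d}"  # assumed ID format
        self.current = [secrets.token_bytes(ELEMENT_SIZE) for _ in range(ARRAY_LEN)]

    def new_file_key(self, key_len):
        """Pick random elements of the current array; return (key, header fields)."""
        if key_len % ELEMENT_SIZE:
            raise ValueError("key length must be a multiple of ELEMENT_SIZE")
        indexes = [secrets.randbelow(ARRAY_LEN) for _ in range(key_len // ELEMENT_SIZE)]
        key = b"".join(self.current[i] for i in indexes)  # assumed: concatenation
        # Only the instance ID and element positions go on the tape, never the key.
        return key, {"book_id": self.current_id, "indexes": indexes}

    def recover_key(self, header):
        """Rebuild a file key from header fields, as the receiving side would."""
        book_id = header["book_id"]
        array = self.current if book_id == self.current_id else self.queued.get(book_id)
        if array is None:
            raise KeyError(f"code book instance {book_id} not available")
        return b"".join(array[i] for i in header["indexes"])

if __name__ == "__main__":
    book = CodeBook("PARTNERA")                  # constructed code book name
    key, header = book.new_file_key(32)          # e.g. a 256-bit key
    book.rebuild()                               # tape written before the rebuild...
    assert book.recover_key(header) == key       # ...still decrypts from the queue
    print(header["book_id"], header["indexes"])
```

Because the header carries only an instance ID and element positions, a tape is readable only by a party that holds the matching code book instance.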