The character string value for the BES= parameter in the data class description field must match certain attributes in parmlib. The value depends on the type of tape you want to create. These values and attributes are as follows:
Specify the value of the key= attribute in the SymmetricKeys section. This value is used to create a customizable key_section, in which you specify the additional attributes associated with the key.
Example: BES=(SYMKEY1)
In this example, BES=(SYMKEY1) specifies a key section in parmlib, named SymKey1, which in turn contains attributes that specify the algorithm to use, the frequency for generating a new key, and other attributes.
If you specify BESn=(SYMKEY1), n is a number that indicates a CA Tape Encryption subsystem other than BES1.
Specify the digital certificate label name and the algorithm to use for encryption.
The syntax for the character string value has the following format:
BESn=(RSA(ringname_alias):certificate_label.algorithm)
n: Specifies an identifying number for a CA Tape Encryption subsystem other than BES1. Specifying “BES=” is the same as specifying “BES1=”. This does not mean that the encryption request can be processed by any active BES subsystem.
RSA(ringname_alias): Specifies that a B2B tape uses the RSA algorithm for public key cryptography. The ringname_alias in parentheses is the value specified by the ShareRingAlias or UserRingAlias. CA Tape Encryption searches the specified key ring name for the digital certificate.
certificate_label: Specifies the digital certificate to use. The value of the KeyringName= attribute in the ShareRingAlias section specifies which key ring name to search for the digital certificate label.
algorithm: Specifies the algorithm for creating the randomly-generated symmetric key that is used to encrypt the data on the tape.
Note: To maintain compatibility with the security interface format, you should replace commas, used as command delimiters, with periods and remove any embedded blanks.
Example: BES2=(RSA(Partner2):mycert.3DES192)
In this example, BES2=(RSA(Partner2):mycert.3DES192) indicates that this tape uses the digital certificate identified as mycert, associated with the Partner2 key ring, to encrypt the symmetric key that is used to encrypt the data on the tape. 3DES192 indicates the algorithm to use for the symmetric key that encrypts the data on the tape. BES2 indicates that this is a tape for subsystem BES2.
For a B2B tape using a code book
Specify the code book name and the algorithm to use for encryption.
The syntax for the character string value has the following format:
BESn=(BOOK(codebook_name).algorithm)
n: Specifies an identifying number for a CA Tape Encryption subsystem other than BES1.
BOOK(codebook_name): Specifies that a B2B tape uses the code book methodology for selecting and communicating a symmetric key. The codebook_name in parentheses is the value specified by the CodeBook attribute of the <B2BCodeBooks> section, which also names the related customizable section in PARMLIB.
algorithm: Specifies the algorithm for creating the randomly-generated symmetric key that is used to encrypt the data on the tape.
Example: BES2=(BOOK(CodeBook1).AES192)
In this example, BES2=(BOOK(CodeBook1).AES192) indicates that this tape uses the code book identified as CodeBook1 to generate the symmetric key that is used to encrypt the data on the tape. AES192 indicates the algorithm to use for the symmetric key that encrypts the data on the tape. BES2 indicates that this is a tape for subsystem BES2.
Note: To maintain compatibility with the security interface format, you should replace commas, used as command delimiters, with periods and remove any embedded blanks.
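The three value formats described above can be checked before a data class description is saved. The following Python sketch is an added example, not part of the CA Tape Encryption product or its documentation; the function name parse_bes and the set of characters accepted in names are assumptions made for illustration.

```python
import re

# Patterns constructed from the three BES= forms described on this page.
# The accepted token characters (letters, digits, _ # @ $) are an assumption.
_TOK = r"[A-Za-z0-9_#@$]+"
_PREFIX = re.compile(r"^BES(\d*)=\((.*)\)$")
_FORMS = [
    ("rsa", re.compile(rf"^RSA\(({_TOK})\):({_TOK})\.({_TOK})$"),
     ("ringname_alias", "certificate_label", "algorithm")),
    ("book", re.compile(rf"^BOOK\(({_TOK})\)\.({_TOK})$"),
     ("codebook_name", "algorithm")),
    ("symmetric_key", re.compile(rf"^({_TOK})$"), ("key_section",)),
]


def parse_bes(value):
    """Parse a BES= string (hypothetical helper); raise ValueError if malformed."""
    if "," in value or " " in value:
        # Per the note: commas are replaced with periods, embedded blanks removed.
        raise ValueError("commas and embedded blanks are not allowed")
    m = _PREFIX.match(value)
    if not m:
        raise ValueError("expected BESn=(...)")
    n, body = m.groups()
    result = {"subsystem": "BES" + (n or "1")}  # BES= is the same as BES1=
    for kind, pattern, names in _FORMS:
        fm = pattern.match(body)
        if fm:
            result["type"] = kind
            result.update(zip(names, fm.groups()))
            return result
    raise ValueError("value matches none of the three documented forms")


if __name__ == "__main__":
    # The three example values from this page.
    for sample in ("BES=(SYMKEY1)",
                   "BES2=(RSA(Partner2):mycert.3DES192)",
                   "BES2=(BOOK(CodeBook1).AES192)"):
        print(sample, "->", parse_bes(sample))
```

The parser only checks the shape of the string; whether the named key section, key ring alias, certificate label, or code book exists in parmlib still has to be confirmed separately.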
Copyright © 2011 CA. All rights reserved.