Defining Security Protection Profiles in IBM Security Server RACF › Select Data Sets for Encryption with RACF › Encryption Parameter
Encryption Parameter
For IBM Security Server RACF, the data set selection encryption parameter is defined on the DATA (APPLDATA) field of the RDEFINE command. The APPLDATA field is 255 bytes long. CA Tape Encryption will only process 120 bytes of the DATA field beginning after the BESn keyword.
- CA Tape Encryption selects files for encryption based on a character string that is recognizable in the DATA (APPLDATA) field within the data set selection CA@BES resource definition. Observe the following:
- The APPLDATA field must include a valid CA Tape Encryption parameter in the form of APPLDATA=('BES=(string_value)') or APPLDATA=('BESn=(string_value)').
- The string_value is comprised of one of the following:
- a symmetric key name
- a code book name
- a digital certificate name
- You can include additional text before or after the BES= or BESn= parameter. A comma or blank must immediately precede the BES= or BESn= statement if either is not the leftmost text in the description field.
- The description field can contain up to 120 alphanumeric and special characters. If you enter lowercase characters, they are converted to uppercase.
- The data set selection encryption profiles do not support the use of commas as command delimiters or embedded blanks. Use periods instead of these delimiters.