Sample Key Protection Control Statements for CA ACF2

The following sample shows key protection control statements in TBESAF99 format. In this example, the first entry protects a local asymmetric key named AES256_KEY on BES3 and generates rule permission statements. The second entry protects the codebook encryption key, BOOK1, only on BES4. In the generated output, the trailing asterisks allow for generic naming and matching should you wish to use these keys for pattern masking by CA ACF2.

BES3 TYPE=KEYSYMM,NAME=AES256_KEY
BES4 TYPE=KEYCODE,NAME=BOOK1

The following sample shows the resulting key protection control statements generated by TBESAF99 for importing into CA ACF2.

//*+------ Define BES3 Keys ---------+
//ACFBATCH EXEC PGM=ACFBCOMP,REGION=1M
//SYSUDUMP DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//RULES    DD  *
$KEY(BES3.KEYSYMM.AES256_KEY*****************) TYPE(BES)
$OWNER(BES     )
 UID(uid-value) ALLOW
 UID(uid-value) PREVENT
/*
//*+------ Define BES4 Keys ---------+
//ACFBATCH EXEC PGM=ACFBCOMP,REGION=1M
//SYSUDUMP DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//RULES    DD  *
$KEY(BES4.KEYCODE.BOOK1**********************) TYPE(BES)
$OWNER(BES     )
 UID(uid-value) ALLOW
 UID(uid-value) PREVENT
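
A pre-import check for decks like the one above, as an added example that is not TBESAF99 or CA code: it rebuilds each expected $KEY value from the input statements and reports rule sets that are missing, unrequested, or still carry the uid-value placeholder. The 40-character key width is inferred from the two sample $KEY lines, and treating uid-value as a placeholder to be replaced is an assumption; expected_key and review_deck are hypothetical names.

```python
import re

KEY_WIDTH = 40  # assumption: both sample $KEY values on this page are 40 characters
STMT_RE = re.compile(r"^(\S+)\s+TYPE=([^,\s]+),NAME=(\S+)$")
KEY_RE = re.compile(r"^\$KEY\(([^)]*)\)\s+TYPE\(BES\)")

def expected_key(statement):
    """Masked $KEY value for one TBESAF99-format input statement."""
    m = STMT_RE.match(statement.strip())
    if not m:
        raise ValueError(f"unrecognised statement: {statement!r}")
    base = ".".join(m.groups())
    if len(base) > KEY_WIDTH:
        raise ValueError(f"{base} is longer than {KEY_WIDTH} characters")
    return base.ljust(KEY_WIDTH, "*")

def review_deck(statements, deck):
    """Cross-check a generated rule deck against its input statements."""
    rules, current = {}, None
    for line in deck.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = rules.setdefault(m.group(1), [])
        elif line.startswith("/"):          # a JCL statement or /* ends the rule set
            current = None
        elif current is not None and line.strip().startswith("UID("):
            current.append(line.strip())
    wanted = [expected_key(s) for s in statements]
    findings = [f"{k}: no rule set in deck" for k in wanted if k not in rules]
    findings += [f"{k}: not requested by any input statement"
                 for k in rules if k not in wanted]
    findings += [f"{k}: placeholder left in '{r}'"
                 for k in wanted for r in rules.get(k, []) if "uid-value" in r]
    return findings

# Constructed sample: the page's two input statements, and a deck that holds
# only the BES3 rule set with its UID placeholders still unedited.
STATEMENTS = ["BES3 TYPE=KEYSYMM,NAME=AES256_KEY", "BES4 TYPE=KEYCODE,NAME=BOOK1"]
DECK = """//RULES    DD  *
$KEY(BES3.KEYSYMM.AES256_KEY*****************) TYPE(BES)
$OWNER(BES     )
 UID(uid-value) ALLOW
 UID(uid-value) PREVENT
/*
"""

if __name__ == "__main__":
    for finding in review_deck(STATEMENTS, DECK):
        print(finding)
```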