Using Digital Certificates › Digital Certificates and Key Rings › Shared Key Rings and User Key Rings

Shared Key Rings and User Key Rings

The following points describe the characteristics of shared key rings and user key rings:

• The difference between a shared key ring, as defined by the attributes of a ShareRingAlias section in parmlib and a user key ring, as defined by a UserRingAlias section in parmlib, are as follows:
  • The shared key ring or rings are associated with the CA Tape Encryption address space.
  • The user key ring specification identifies a single key ring name that may or may not be associated with the user ID who is running the tape job.
• CA Tape Encryption may or may not preload into memory at initialization time all certificates found on its shared key ring or rings. The loading of keys into memory is determined by the value of the B2BPreloadDigitalCertificates attribute in parmlib.
• Any time a certificate is loaded from a shared key ring, it is loaded only in the CA Tape Encryption address space and only into CA Tape Encryption private storage.
• Certificates on the user key rings are never pre-loaded. Certificates loaded from user key rings are loaded in the tape job's address space into the tape jobs private storage