Using CA Tape Encryption in Your z/OS EnvironmentBusiness-to-Business Encryption Using Code Books › Export a Code Book

Previous Topic: Passkey Rules

Next Topic: Code Book Importing by a Non-z/OS Business Partner

Export a Code Book

Code books are used with non-z/OS systems in place of the public key/ private key model used with z/OS systems. To share a B2B tape with a business partner who does not have access to a z/OS host, you must create and export a code book.

To export a code book

  1. Define the code book if you have not already done so.

    Note: For information on defining a code book, see Define a Code Book in this chapter.

  2. Create the passkey that will be used to encrypt the exported code book if you have not already done so. For information on creating the passkey, see Create a Passkey in this chapter.
  3. Customize the JCL for the TBEBOOK utility to export the code book. The TBEBOOK JCL is provided in the CTAPJCL library under the BESBOOK member name. Modify the following line in the TBEBOOK JCL: 
    //    PARM='BES=BESn,CODEBOOK=bookname,ALGORITHM=3DES128'
    BESn

    Specifies the subsystem on which the code book is defined.

    CODEBOOK=

    Specifies the name of the code book you want to export.

    ALGORITHM=

    (Optional) Specifies the encryption algorithm to use when encrypting the exported code book.

    Default: 3DES128

    Note: Although the Multiplatform Decryption Utility supports key strengths higher than 128 bits through the Java Cryptographic Extension (JCE), the JCE is not available in all countries. Keep this in mind when specifying an algorithm.

  4. Specify the dataset that contains the passkey to use when encrypting the exported code book. To do so, modify the following line: 
    //PASSKEY   DD  *

    You can point to a SYSIN-style spool dataset or inline JCL statement (as in the example above), or to any dataset or PDS member on DASD.

  5. Optionally, TBEBOOK can generate a report with details on the exported code book. To generate this report, modify the following line: 
    //SYSPRINT  DD   SYSOUT=A

    You can point to a SYSOUT dataset (as in the example above), or to any dataset or PDS member on DASD. The report records are generated with ANSI printer control characters and are intended for output using the following attributes:

  6. Ensure that the BES subsystem on which the code book is defined is up and running, and run the TBEBOOK utility.

    The code book is exported and encrypted using the specified passkey. You can now distribute the code book to your non-z/OS business partner.