Lizette Koehler wrote:
I have been asked to research the use of ICSF in DB2.
I know that ICSF comes with z/OS. However, I am not sure if it really requires
a Crypto card to run.
Q1: Can you run ICSF without a Crypto Card?
Yes. ICSF uses CPACFs in addition to crypto cards, and will also do
crypto (or maybe it's just hashes) in software for some algorithms when
hardware acceleration is not available.
However, whether the specific ICSF functions you might need to use for
DB2 row-level encryption will work without a crypto card is a different
question. This book:
z/OS Cryptographic Services
Integrated Cryptographic Service Facility
Overview, Document Number SA22-7519-12
...at:
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/csfb5z90/CONTENTS?SHELF=EZ2ZBK0I&DT=20081113102459#B.0
Includes this section, which might be helpful:
Appendix B. Summary of Callable Service Support by Hardware Configuration
...at:
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/csfb5z90/B.0?SHELF=EZ2ZBK0I&DT=20081113102459
Second, the intent is to encrypt row(s) of DB2 Data. Is ICSF the best way to
go or are there other options?
(Sorry, can't help with this one.)
I will probably switch over to the DB2-L Group on this, but wanted to know
about the basic ICSF and Crypto Card issue first.
<snip>
--
John Eells
z/OS Technical Marketing
IBM Poughkeepsie
[email protected]
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
