CSNBSYE can be used to encrypt with a clear key stored in the CKDS. The key_rule field must be "KEYIDENT" and the key_identifier field must contain the CKDS label name of the clear key.
_______________________ CryptoMon, the only z/OS crypto monitor http://www.aspg.com/cryptomon.htm On Sun, 3 Apr 2011 14:11:10 -0400, Farley, Peter x23353 <[email protected]> wrote: > >Thanks for the clear answer. > >That fact is not at all clear in the ICSF documentation, at least not that I have found in the Application Programmer's Guide so far. > >If such is the case, what are the options to store a clear key in the CKDS and invoke an encryption/decryption subroutine that takes as an argument only the "label" of that key and not the clear key itself? > >The goal here is to have the clear key stored in the protected CKDS (only authorized security team personnel allowed to access) and permit ordinary non-authorized application code to use the key label for encryption and decryption of data fields. > >TIA for any further info/RTFM you can provide. > >Peter ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
