While it is true that you can use different CKDS, the label must refer to the 
same key (even under different master keys) or you won't be able to open the 
dataset.

There is no KVV anywhere. The value in the catalog for each encrypted dataset 
is unique to that dataset and is not directly related to the key. You will know 
if you have the correct keys by trying to open the dataset.

Eric Rossman, CISSP
ICSF Cryptographic Security Development
z/OS Enabling Technologies
edros...@us.ibm.com

-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of 
Radoslaw Skorupka
Sent: Friday, June 24, 2022 3:35 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: Encrypted datasets - question about key (pervasive 
encryption)

Well, labels are unique within the ICSF realm or, more precisely, the CKDS.
However, it is possible to share a dataset between systems, non-sysplexed to 
simplify the considerations. And it is possible (by mistake) to have the same 
labels but different key values. Or just replace the key by mistake.

KVV - I meant Key Verification Value.


--
Radoslaw Skorupka
Lodz, Poland




On 24.06.2022 at 20:08, Eric D Rossman wrote:
> Labels for dataset encryption keys (DATA or CIPHER) are unique. You cannot 
> have the same label with different types where one of the types is DATA or 
> CIPHER. What "KVV" are you referring to?
>
> Eric Rossman, CISSP
> ICSF Cryptographic Security Development
> z/OS Enabling Technologies
> edros...@us.ibm.com
>
> -----Original Message-----
> From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of 
> Radoslaw Skorupka
> Sent: Friday, June 24, 2022 9:14 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: [EXTERNAL] Encrypted datasets - question about key (pervasive 
> encryption)
>
> An encrypted dataset can be easily recognized using ISPF/PDF 3.4 - I line 
> commands.
> However, "Encrypted - YES" does not contain some important details.
> The next step could be IDCAMS LISTCAT ENT(dataset) - it shows the key label.
> However, in some cases it is possible to have two different keys with the same 
> label. I guess that's why the KVV is recorded in the VVDS.
> Now the question: how to get information about the KVV without digging in 
> VVDS structures?
>
> --
> Radoslaw Skorupka
> Lodz, Poland
>

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
