Todd pointed me to this topic, because it's a z/VSE related question, not z/OS. From my point of view Tony and Todd explained everything correctly. Just one additional info: There is an optional feature "Encryption Facility for z/VSE" that allows encrypting data at rest (Librarian members, VSAM files, backup tapes, real tapes and vtapes). It's functionality and usage is described in the z/VSE Administration Guide: https://www.ibm.com/systems/z/os/zvse/documentation/#vse It uses CPACF and crypto cards transparently. CPACF is used for encrypting the data. A crypto card is needed only when using public-key encryption (refer to the book) with an RSA key greater than 1024 bits. The other option is "password-based" encryption, where the symmetric key gets derived from a password/passphrase.
---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN