You need encryption software to do the actual encryption. ICSF provides
the "base" for most encryption software. You could write your own
encryption software using ICSF APIs

We use CA-Tape Encryption (and other encryption software). It has an
option that will do AES encryption in the software. Good for the old
z900 with no CCF

But your z9 has CPACF, so you can offload the AES encryption to it.

You need the ICSF software, but you do not need the CSF started task.
The CSF task's purpose in life is to enable CCF and CEX2 crypto boards,
not CPACF

You do not need to do anything with the ICSF's ISPF to enable CPACF.
(The CE has to enable it with a POR and someone has to assign it to your
LPAR). You do not need to do any of the Master Key stuff (unless you
have a CEX2 and need to do Secure Key processing)

You do not need any extra hardware (like a CEX2) to do most encryption.
The CEX2 gives you either Secure Key processing or SSL acceleration,
which is a bit of overkill for most people
 
The manuals are very poor. There are so many options, most of which you
will never need or use

Encryption is simple on a z9/z10. Just enable CPACF and your encryption
software should do the rest.

You may want to spend some time thinking about your encryption keys. You
need to decide if you want to use symmetric keys stored in CA-Tape
Encryption's VSAM databases or Digital Certificates stored in RACF/ACF2
databases. Each has its advantages and disadvantages


Steve Finch
EDS, an HP company

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Lucy Arnold
Sent: Friday, October 03, 2008 5:45 PM
To: [email protected]
Subject: Crypto HELP.

Hello all!

I have a Z9 BC with no extra crypto processors. (ZOS 1.7)  We are in the
process of installing ICSF so we can encrypt tapes that go offsite
(CA:DISK and CA:VTAPE tapes)
Does anyone have any nuggets of wisdom on how to do this???  I have all
the manuals printed but can't seem to find the ISMF panel that I need.
Most of the panels seem to suggest you need additional processors to use
them. One manual suggests it's a completely batch operation. There is a
SYSPROG guide with a plethora of Assembler exits - perhaps they are how
the encrypt/decrypt gets called???  My brain has turned to green slime
and is coming out of my ear - ANY help would be appreciated. :)


Thanks in advance!


Lucy Arnold
Storage Manager
U.C. Davis Medical Center
916-734-5498

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
