I was under the impression that there is no technical requirement for the key to be a secure key. So data encryption can be used with clear keys in the CKDS when a Crypto Express is not available.
Lennie Dymoke-Bradshaw https://rsclweb.com ‘Dance like no one is watching. Encrypt like everyone is.’ -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Mark Jacobs Sent: 09 June 2022 01:48 To: [email protected] Subject: Re: Encrypted dataset - any eye catcher? I found this in a 2017 IBM Security presentation. So it looks like it's XTS-AES. Key label: 64-byte label of an existing key in the ICSF CKDS used for access method encryption/decryption. Encryption type: AES-256 bit data key (XTS, protected key). Note: AES-256 key must be generated as a secure key (i.e. protected by crypto express AES Master Key) Mark Jacobs Sent from ProtonMail, Swiss-based encrypted email. GPG Public Key - https://api.protonmail.ch/pks/lookup?op=get&[email protected] ------- Original Message ------- On Wednesday, June 8th, 2022 at 8:38 PM, Phil Smith III <[email protected]> wrote: > Radoslaw's question makes me ask a pure curiosity question: what AES > mode is used by z/OS data set encryption? I Googled but all I found > was "256-bit AES", which doesn't answer the question. > > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
