If you run the policy utility IXCMIAPU to create/replace an administrative policy in the CFRM CDS, then for any structure definition that specifies ENCRYPT(YES), the system will create an encryption key for that structure provided the CFRM CDS does not already have a key for the structure. That is, a key is generated if neither the current active policy nor any of the existing administrative policies specify ENCRYPT(YES) for the structure. Any such key is wrapped by the master AES key and stored in the CFRM CDS. Depending on CFLEVEL, the wrapped key may also be stored in the CF as well. However, one should think of the CFRM CDS as being "the" key repository for encrypted CF structures.
Yes, all the encryption/decryption is performed by z/OS. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
