Is ICSF xKDS file a VSAM? Yes.
So, why keep the keys in CKDS/PKDS instead of RACFdb?
1. Because the keys in CKDS/PKDS are *well encrypted* using a secret key (CryptoExpress MK). Assuming you have CEX.
2. Because any key kept in RACF is kept along with the encryption key for that key.
3. Because still a majority of RACF installations do not use encrypted VSAM db (yet). In such a scenario any authorized person (i.e. bad RACF admin) can read the whole db and then do the cracking exercises.


BTW: Recently I did encrypt RACF db. Results: none. Nothing happened. The database is encrypted - the only change, but it is invisible to administrators.

--
Radoslaw Skorupka
Lodz, Poland



On 17.01.2024 at 21:29, Steve Beaver wrote:
On z/OS isn't that the ICSF CKDS VSAM file?  Yes

Steve

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On
Behalf Of Farley, Peter
Sent: Wednesday, January 17, 2024 1:38 PM
To:[email protected]
Subject: Re: I hate to be a pain (Cross-Posted)

On z/OS isn't that the ICSF CKDS VSAM file?

Peter

From: IBM Mainframe Discussion List<[email protected]>  On Behalf Of
Steve Beaver
Sent: Wednesday, January 17, 2024 1:32 PM
To:[email protected]
Subject: I hate to be a pain (Cross-Posted)


This is not my area of expertise, and I can't find a YOUTUBE or a step by
step checklist



How does one create a keystore on zOS?



Regards,



Steve

--

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
