Took a little bit, but I have an answer from TSS development:

DSKEY Keyword-Dataset Encryption Key Label Last update September 28, 2017
Valid on z/OS.

Use the DSKEY keyword to specify the key label that encrypts/decrypts the
data in the z/OS Integrated Cryptographic Service Facility (ICSF)
cryptographic key data set (CKDS).

This keyword has the following format:

TSS PER(acid) DSNAME(dataset_resource) DSKEY(key_label)

key_label

Specifies a 1- to 64-character data set key label.

This keyword is used with:

PERMIT command
ACID types User, DCA, VCA, ZCA, LSCA, and SCA DSNAME resource class only
Resource(XAUTH) authority to specify ACTION for resources that are owned
within their scope
Example: Associate a Key Label with a Data Set This example associates a
data set key label with ACCT.FILE.DATA and-through the SYMCPACFRET
setting-allows ICSF to return a protected key in a wrapped form:

TSS PER(USER1) DSNAME(ACCT.FILE.DATA) DSKEY(AES_SECURE_KEY) SYMCPACFRET(YES)


And here is the link to our doc on the enhancement:
               
 
https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/product-information/ca-
top-secret-version-16-product-enhancements#CATopSecretVersion16ProductEnhanc
ements-DataSetEncryptionSupport(RO97892) 

Sorry if IBMMAIN breaks that link. Try this one if so: http://bit.ly/2FgCxbr


Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Steely.Mark
Sent: Tuesday, March 6, 2018 10:07 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: CA-TSS Question

We are z/OS v2.2 and CA-TSS V16.

Does CA-TSS support the encryption key label in the DFP segment.

This is the sample for RACF.

/*-------------------------------------------------------------------*/
/* Specify the encryption key label in the DFP segment.              */
/*-------------------------------------------------------------------*/
ALTDSD 'EYSHA.ICSF.ENCRYPT.ME.*'                                       +
   DFP(DATAKEY(DATASET.EYSHA.ICSF.ENCRYPT.ME.ENCRKEY.00000001))

All my searches came up empty.

Any help would be appreciated.

Thank You

*** Disclaimer ***
This communication (including all attachments) is solely for the use of the
person to whom it is addressed and is a confidential AAA communication. If
you are not the intended recipient, any use, distribution, printing, or
copying is prohibited. If you received this email in error, please
immediately delete it and notify the sender.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email
to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Reply via email to