Thanks for the information. The example command ' TSS PER(USER1) DSNAME(ACCT.FILE.DATA) DSKEY(AES_SECURE_KEY) SYMCPACFRET(YES)' the SYMCPACFRET option does not work
The command without the SYMCPACFRET option is successful. Waiting for customer to test. Thank You -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Charles Mills Sent: Wednesday, March 07, 2018 9:05 AM To: [email protected] Subject: Re: CA-TSS Question Took a little bit, but I have an answer from TSS development: DSKEY Keyword-Dataset Encryption Key Label Last update September 28, 2017 Valid on z/OS. Use the DSKEY keyword to specify the key label that encrypts/decrypts the data in the z/OS Integrated Cryptographic Service Facility (ICSF) cryptographic key data set (CKDS). This keyword has the following format: TSS PER(acid) DSNAME(dataset_resource) DSKEY(key_label) key_label Specifies a 1- to 64-character data set key label. This keyword is used with: PERMIT command ACID types User, DCA, VCA, ZCA, LSCA, and SCA DSNAME resource class only Resource(XAUTH) authority to specify ACTION for resources that are owned within their scope Example: Associate a Key Label with a Data Set This example associates a data set key label with ACCT.FILE.DATA and-through the SYMCPACFRET setting-allows ICSF to return a protected key in a wrapped form: TSS PER(USER1) DSNAME(ACCT.FILE.DATA) DSKEY(AES_SECURE_KEY) SYMCPACFRET(YES) And here is the link to our doc on the enhancement: https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/product-information/ca- top-secret-version-16-product-enhancements#CATopSecretVersion16ProductEnhanc ements-DataSetEncryptionSupport(RO97892) Sorry if IBMMAIN breaks that link. Try this one if so: http://bit.ly/2FgCxbr Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Steely.Mark Sent: Tuesday, March 6, 2018 10:07 AM To: [email protected] Subject: CA-TSS Question We are z/OS v2.2 and CA-TSS V16. Does CA-TSS support the encryption key label in the DFP segment. This is the sample for RACF. /*-------------------------------------------------------------------*/ /* Specify the encryption key label in the DFP segment. */ /*-------------------------------------------------------------------*/ ALTDSD 'EYSHA.ICSF.ENCRYPT.ME.*' + DFP(DATAKEY(DATASET.EYSHA.ICSF.ENCRYPT.ME.ENCRKEY.00000001)) All my searches came up empty. Any help would be appreciated. Thank You *** Disclaimer *** This communication (including all attachments) is solely for the use of the person to whom it is addressed and is a confidential AAA communication. If you are not the intended recipient, any use, distribution, printing, or copying is prohibited. If you received this email in error, please immediately delete it and notify the sender. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN *** Disclaimer *** This communication (including all attachments) is solely for the use of the person to whom it is addressed and is a confidential AAA communication. If you are not the intended recipient, any use, distribution, printing, or copying is prohibited. If you received this email in error, please immediately delete it and notify the sender. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
