Using the sample utility in the TechDoc would be one solution and I know of
customers that are using it, however that implies a couple of things:
1) You have to install and maintain the sample code from the TechDoc (i.e. it
is provided 'as is', and for some customers that may not be acceptable)
Greg –
Thanks for your reply, it’s a great overview.
My concern is not with master keys, only with the data keys (we have tested
documented master key recovery procedures). The last half of your answer is a
big help. We currently encrypt/decrypt data using one ‘data’ key for all prod
You've gotten some good feedback on RACF-L, however I'll comment here, because
I think this is more appropriate for IBM-MAIN.
(I do disagree with Russ's suggestion to write down the key material though.
There is no point in paying big bucks for the secure key technology and then
storing the
I'm reviewing some of our set-up for the ICSF encryption processing. We do
not have a TKE or the use at your own risk ISPF panels that IBM supplies.
We currently create data keys via KGUP and let the ICSF generate the key, so
no human has knowledge of the key parts.
Should something catastrophic
