IBM Crypto Education Community

   Hi.!
I think this is my first question in this fórum.
I work in a large company in Spain, as a Mainframe Security engineer.
I have worked a lot with RACF and ICSF.

People frequently ask me for an UTILITY to cipher a dataset on Mainframe (zOS v.2.3 Z13) in a useful and Handy way, just to send it to some foreign partner not having Mainframe.

Years ago, when it was not posible,  I made a little rexx program to do it, record by record, but this is not very suitable now.

After of all these years, may be I'm a little out of date, so my question is:

Is there currently a verb/command/utility generally available to cipher a file just using ICSF, without installing strange software or ciphering it by myself built utilities?

I'm not referring to pervasive or so, as it cìphers a file in my Mainframe but not for transferring it outside.

My wish would be really a command which I can order "hey, cipher this file with this label".   I never knew about it….

Thanks in advance
 

Hi Jose,

Typically, z/OS users, install / use the Encryption Facility for z/OS product to encrypt data sets in OpenPGP format to be sent to a business partner and/or stored on tape. For more detail on Encryption Facility, reference the links below:

• Overview... https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.4.0/com.ibm.zos.v2r4.csde100/chapover.htm
• Pricing... http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=an&subtype=ca&appname=Demonstration&htmlfid=897/ENUS207-008
• Publications... https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.4.0/com.ibm.zos.v2r4.csd/csd.htm

Hopefully this helps!

Hello Eysha,

What if we just have ICSF installed and do not have the Encryption Facility product? I have been creating APIs for symmetric key encryption for use at our shop and we do not have Encryption Facility for z/OS installed. I have been creating APIs using the callable services to make things simple for the programmers but it's really hard work given that there are not many blogs and guidelines around on how to do this using ICSF alone. We have questions around encryption of data sets, DL1 database segments and fields and DB2 columns.

They go like:

1. Do we read record by record and encrypt? How do we store the IV in this case?

2. How can we minimize the impact to DB2 tables and DL1 databases if we have to encrypt selective columns and segments? (use a compression routine may be?)

And many more...

I was wondering if you have some guidelines or best practices to share when it comes to encryption of data just by using ICSF (AES symmetric key encryption to start with may be)? May be you can start a blog?

Regards,

Deepak