IBM Crypto Education Community

Join the IBM Crypto Education community to explore and understand IBM cryptography technology. This community is operated and maintained by the IBM Crypto Development team.

  • 1.  Encrypt/Decrypt Data

    Posted Thu September 14, 2023 12:16 PM

    Hi all,

    My current experience with ICSF is creating a hash value for an XML message, signing it with the private key of a certificate, and sending the message, including a base64-encoded certificate, to a server. I used CSNDBOWH, CSNDDSG, CSNDKRR and CSNDPKX for that.

    Now I want to use ICSF functions to encrypt data when loading it into a dataset and to decrypt it in CICS. I thought of using CSNBENC, which uses CKDS keys for encryption. But where do I get the label or token from? Listing the certificate does not give a label or token?

    Many thanks for any help

    Regards

    Helmut



    ------------------------------
    Helmut Roese
    COM Software GmbH
    Eschborn
    ------------------------------


  • 2.  RE: Encrypt/Decrypt Data

    Posted Thu September 14, 2023 01:54 PM

    Dataset encryption might be an option. Assuming your dataset format is supported, you'll be able to associate a key with the dataset and the system handles all the encryption/decryption.

    In any event, you or someone else needs to create the encryption key. I would recommend creating an AES 256-bit CIPHER key so it is Quantum-safe. To create such a key, take a look at the CSNBKTB2 and CSNBKGN2 services (KTB2 may not be necessary if the defaults are acceptable). To use that key to encrypt and decrypt data, use the CSNBSAE/CSNBSAD services.



    ------------------------------
    Roan Dawkins
    ------------------------------



  • 3.  RE: Encrypt/Decrypt Data

    Posted Tue September 19, 2023 07:14 AM

    Hi Roan,

    Thank you for your answer. My first thought was to use a certificate with a pair of public/private keys for this.

    But creating my own key in RACF and using it for encryption/decryption might make it easier. I will try and let you know.

    Kind Regards

    Helmut



    ------------------------------
    Helmut Roese
    COM Software GmbH
    Eschborn
    ------------------------------



  • 4.  RE: Encrypt/Decrypt Data

    Posted Tue September 19, 2023 09:00 AM

    Public/private keys are not ideal for the kind of encryption you described in your first message.

    If you are looking to perform "bulk encryption" (where you encrypt arbitrarily long pieces of data), you would be better served using a symmetric key (such as AES) for that operation which would be stored in the CKDS. 

    If we have misunderstood your intent, please feel free to clarify and ask additional questions.



    ------------------------------
    Eric Rossman
    ------------------------------