BS2000 supports the use of encrypted files via the CRYPT subsystem (see the “CRYPT” manual [24 (Related publications)]). CRYPT can also be used for other purposes in the same system (e.g. for encryption during file transfer or for IPSec).
If an encrypted file is located on a shared pubset, the preconditions for operation with encrypted files must be met on all systems from which the file is to be accessed with encryption.
Existing applications that are to work with encrypted files generally do not need to be modified. Modifications to applications are necessary only if new, encrypted files are to be created by the application.
Restricted access
Pubsets with encrypted files can also be imported when the system does not fulfill the requirements for file encryption (e.g. CRYPT subsystem is not available).
In this case it is not possible to access these files with decryption of the contents. Nor can the file attributes be modified. The encrypted files can only be displayed (SHOW-FILE-ATTRIBUTES) and deleted (DELETE-FILE). Homogeneous transfer of these files (see "Concept of file encryption") is possible.
Scope and use of encrypted files
Only disk files on pubsets can be encrypted.
Encrypted files can be used for all access types (exceptions: EAM and BTAM), all file types and all pubset types.
The crypto password must be specified for restoring ISAM files (VERIFY) and for conversion using PAMCONV.
Compatibility with other protection mechanisms
When a file protected with a read and/or execute password is converted into an encrypted file, it loses its read and/or execute password protection.
File encryption can be combined with the write password (WRITE-PASSWORD) and with all other protection mechanisms. The familiar features of these protection mechanisms are complemented by the crypto password.
Restrictions and special aspects
The link to the CRYPT subsystem means that access to encrypted files is possible only as of “System Ready”.
Job variables, tape files and files on Net-Storage or private disks cannot be encrypted.
Files of the TSOS user ID on the home pubset cannot be encrypted.
An encrypted file must be decrypted before it can be printed (see also "Printing out an encrypted file" (Application scenarios)).
The SAVE-PLAM-INFO option is not executed for encrypted PLAM libraries in the event of an HSMS backup.
Conversion from K format to NK format is not possible when an encrypted K file is restored or imported from a save volume to an NK disk.
Files with a valid last-byte pointer are not encrypted.