Can't read encrypted tape on other LPAR


Article ID: 139293




Tape Encryption


A virtual tape from CA Vtape (the Vvvvvvv.VVE and Vvvvvvv.VOL data sets) was copied from the SYSA NFS directory to the corresponding SYSB NFS directories. The tape could be recalled from the NFS cache successfully on the SYSB system, but trying to read the tape failed with:
BES1T0351I BESKEY=000000## CMP=xx                                     
BES1T0352I UCB=xxxx Algorithm=xxxxxx   KeyLabel=xxxxxx_KEY            
BES1T0304E Key not available on this system - Tape cannot be decrypted
How can the encryption key be copied from SYSA to the SYSB system?


Release : 14.5

Component : CA Tape Encryption


The encryption key can't be copied to the SYSB system.
In this environment, the BES Database is used to store the encryption keys.
To read tapes on SYSB that were created on SYSA, the following methods can be used:

1. Start a second BES subsystem on SYSB with a copy of the keys Database from SYSA that contains the keys used to create the tape.

2. Use B2B tapes. For details, see the chapters "Keys for Business Partners" and "How B2B Keys Work with Digital Certificates".

3. On the SYSA system, create an unencrypted copy of the tape, for example using CA COPYCAT, and copy this tape to SYS