Here are some client questions regarding CA View ICSF encryption questions:
. What is stored and restored regarding View encryption keys?
. It is noticed that CA-View generated 2 data keys, a 128-bit and 256-bit key. What are the purposes of these keys?
Release : 14.0
Component : CA View
CA View only creates ICSF keys with two names that start with CAOMCKDS and CAOMPROD. Those keys can be backed up and then restore them in a recovery situation. If there is a disaster sight and the keys are to be copied from a production site to that, or any, site, only copy the CAOMPROD keys. The CAOMCKDS is a specific key for the specific IPCS CKDS data sets and should not be copied to other CKDS data sets.
The CAOMCKDS is a 128-bit key, however it is not used for encryption or decryption. It is used to hold a special CKDS-specific marker. The CAOMPROD keys contain the 256-bit AES keys, which are used in the encryption and decryption services.
There is an enhancement request open for View ICSF encryption to involve encrypted keys.