Tables are encrypted with Datacom basic data encryption.
Is it possible to change the Datacom encryption key or delete the existing key and create a new key?
Release: 15.1
The basic encryption key is set by the DBUTLTY ENCRYPT function:
ENCRYPT OPTION=SET_BASIC_KEY_1,OPTION2=*,OPTION4=*
By using * in OPTION2 and OPTION4 Datacom will generate a random encryption key value.
The encryption key value can be seen by running DBUTLTY with:
REPORT AREA=CXX,TYPE=K
The encryption key is stored in the CXX, it is then used to encrypt the tables defined with encryption in the table definition.
The keys you specify are considered "handles" of the actual encryption key to be used.
If using AES256 a 256 bit encryption key will be generated from the handle key you specify.
Datacom basic encryption only supports one encryption key in the CXX.
To change the encryption key perform the following:
Note that DBUTLTY needs to be APF Authorized when working with encrypted tables.
Article Enabling ENCRYPTION for Datacom Databases explains the process of enabling encryption.
For encryption we recommend converting to VSAM Linear datasets instead of EXCP so you can use IBM Pervasive Encryption.
See documentation section ENCRYPT (Facilitate Data Encryption) and VSAM Linear Datasets with Media Manager.
See article Enabling ENCRYPTION for Datacom Databases