How can I change the encryption algorithm and what are the impacts of changing them?

Article ID: 45225


Products

Tape Encryption

Issue/Introduction

1.  How can the encryption algorithm for Tape Encryption be changed from AES128 to AES256?

2.  After this change is complete, will tapes encrypted with AES128 still be readable?

3.  Are there any other considerations after this change?

Environment

Release: 
Component: BTE (Tape Encryption)

Resolution

  1. Define the new AES256 keys in BESPARMS, then issue ‘BESn REFRESH=SYMKEYS’ to activate them. There is no need to restart the BESn task.
  2. Existing tapes that were written with the old AES128 keys remain decryptable, even if the AES128 key definitions are deactivated in BESPARMS. Once all old tapes using an AES128 key have been scratched or expired, that key becomes eligible (‘marked’) for deletion from the BES DB. Deletion is not automatic: there is a 30-day window before the keys are marked, and even then you must run a job such as BESKMNTT to permanently delete them.
  3. To complete the migration to AES256 encryption and no longer use AES128, you must do one of the following:

          a) Use a copy utility to move the data from the old tape to a new one written with the new encryption algorithm (a DFSORT COPY gives the best performance).

          b) If you have Copycat, use the copy utility to move the data (which drives the decryption and encryption processes).

 

Additional Information

You can review our Product Documentation for additional information on how to code PARMLIB members or use the BTE (Tape Encryption) utilities: 

Tape Encryption Documentation

As always, please contact Broadcom support for the Tape Encryption product if you have further questions.