Creating a DB2 encryption edit procedure by editing a sample job

InfoSphere® Guardium Data Encryption provides sample jobs that you can edit to create the edit procedure.

Before you begin

Obtain the cryptographic key label from the security analyst who installs or administers Integrated Cryptographic Service Facility (ICSF).

About this task

You can create encryption edit procedure by editing any of these sample jobs, which are available in PDS smphlq.SDECSAMP, where smphlq is the SMP/E high-level qualifier for the product:

DECDB2CL: This job link-edits the DB2® CPACF protected key edit procedures, DECENB00 and DECENBI0, with the corresponding ICSF callable services.
DECDB2JB: This job link-edits the DB2 secure key edit procedures, DECENC00 and DECENCA0, with the corresponding ICSF callable services.
DECDB2CK: This job link-edits the DB2 clear key edit procedure, DECENA00, with its corresponding ICSF callable services.
DECDB2XK: This job link-edits the DB2 CPACF exit-protected key edit procedure, DECENAA0, with its corresponding ICSF callable services.

Procedure

Edit the sample job that is associated with the edit procedure that you want to use.
Replace all lowercase JCL variables and data set names with values that are appropriate for your installation. The edit procedure name that you specify must be a unique name; it cannot be a DBD name.
At the bottom of the jobs, replace the variable yyyyyyyyyy with the cryptographic key label that was built by your security analyst.
The encryption key label that you specify can be up to 64 characters long. If you do not use all 64 characters, include the correct number of trailing blanks before the right parenthesis that ends the parameter list.
For example, if your encryption key label is 50 characters long, include 14 trailing blanks, as in this example:
```
(yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy              )
```

What to do next

If you modify the encryption edit procedure, a DB2 restart is required to refresh the encryption edit procedure with the new version.

You might have to customize the job to run in your ISPF/PDF environment. For example, you might have to add your ISPF basic target libraries to the appropriate //ISPxLIB ddname concatenations and add //ISPTABL to point to the same libraries as //ISPTLIB.