Recent Key Usage Enforcement
There may be occasions when you need to re-encrypt or re-tokenize fields immediately after updating their Data Keys or Tokens, instead of waiting for the scheduled procedures to run. These options should only be run on the computer/LPAR where the Data Manager is situated, as defined in General Definitions.
Before running these options, you should ensure that the Encryption subsystem ZENCRPT is active. See Work with Subsystems and Activation for further details.
Force Encryption Rotation
This procedure should be run for every file that contains data whose encryption Data Keys have been updated.
(This option is relevant for Field Rotate Type with a value of 6, in the Add Occurrence screen.)
NOTE: This function can only be performed by a user who has authorization to see all encrypted Business Items in the file as clear data.
To re-encrypt fields:
- Select 82. Maintenance Menu in the Encryption main menu. The Maintenance menu appears.
    ENMINTM                      Maintenance Menu

    Select one of the following:

    Recent Key Usage Enforcement          Trace Definition Modification
    21. Force Encryption Rotation         71. Add Journal
    22. Force Tokenization Rotation       72. Remove Journal
                                          78. Real-Time Definition Change Alerts
    Supporting Commands                   79. Display Journal
    31. Copy Fields for Encryption
    32. Change Authorization Groups
    33. Encrypt/Decrypt Fields
        Does not support TOKENIZATION     Uninstall
                                          98. Uninstall the product
    More
    41. Print List of Encrypted Fields

    Selection or command
    ===>

    F3=Exit   F4=Prompt   F9=Retrieve   F12=Cancel
    F13=Information Assistant   F16=System main menu
- Select 21. Force Encryption Rotation from the Maintenance Menu. The Force Encryption Key Rotate screen appears.
    Force Encryption Key Rotate (FRCENCRTT)

    Type choices, press Enter.

    File . . . . . . . . . . . . . .               Name
      Library  . . . . . . . . . . .               Name, *LIBL
    Job description  . . . . . . . .   QBATCH      Name, *NONE
      Library  . . . . . . . . . . .   *PRODUCT    Name, *PRODUCT, *LIBL...
    Schedule date  . . . . . . . . .   *CURRENT    Date, *CURRENT, *MONTHSTR...
    Schedule time  . . . . . . . . .   *CURRENT    Time, *CURRENT

                                                                Bottom
    F3=Exit   F4=Prompt   F5=Refresh   F12=Cancel   F13=How to use this display
    F24=More keys
Figure : Force Encryption Key Rotate screen
Parameters | Description |
---|---|
File | The name of the file that contains fields that must be re-encrypted. |
Library | The name of the library that contains the file object. |
- Enter information about the file to be re-encrypted and press Enter. You are returned to the Maintenance menu and the file is re-encrypted.
Force Tokenization Rotation
This procedure should be run to force re-encryption of every tokenized file that has not been re-encrypted since a certain date.
NOTE: This function can only be performed by a user who has authorization to see all encrypted Business Items as clear data.
To re-encrypt fields:
- Select 82. Maintenance Menu in the Encryption main menu. The Maintenance menu appears.
- Select 22. Force Tokenization Rotation from the Maintenance Menu. The Force Tokenization Key Rotate screen appears.
    Force Tokenization Key Rotate (FRCTKNRTT)

    Type choices, press Enter.

    Keys rotated before  . . . . . .               Date
    Token file . . . . . . . . . . .   *ALL        Name, generic*, *ALL

                                                                Bottom
    F3=Exit   F4=Prompt   F5=Refresh   F12=Cancel   F13=How to use this display
    F24=More keys
Figure : Force Tokenization Key Rotate screen
Parameters | Description |
---|---|
Keys rotated before | Enter a cutoff date in Job Date format. All records in the files selected by the Token file parameter whose encryption date is before this date will be re-encrypted. |
Token file | The name of the file(s) to be re-encrypted. Name – The name of a specific token file; generic* – A group of token files; *ALL – All token files |
- Enter information about the file to be re-encrypted and press Enter. You are returned to the Maintenance menu and the file is re-encrypted.
To find the name of a specific token file or a group of token files, run the following command on the computer where the Token Manager is located:
    DSPOBJD OBJ(SMZETKN/*ALL) OBJTYPE(*FILE) DETAIL(*BASIC)
The name of the file to which each Token File is associated is contained in the text description of the Token File.