Creating a New, Encrypted Database

To create an encrypted database, allocate its container datasets as encrypted, format them and define the database:

  1. Run ADAFRM ASSOFRM, DATAFRM and so on, specifying the database container datasets with DISP=(NEW,CATLG) and the encryption key label (DSKEYLBL parameter). Alternatively, the key label can be derived from the RACF profile or the SMS policy for each dataset.

  2. Run ADADEF DEFINE on the database container datasets.

Step 1 is the only point in the lifetime of each dataset where its key label must be provided (via DSKEYLBL, RACF or SMS). The key label is then stored in the catalog entry for the dataset. Afterwards, it need not be specified and cannot be changed anymore.

When creating encrypted database container datasets, specify ADARUN parameter ENCRYPTION=YES in the ADAFRM job steps that format the datasets as well as in all later Adabas nucleus or utility jobs or started tasks that access any of the datasets.

In the following example, two job steps create, format, and define a database with ASSO, DATA, WORK and PLOG datasets that are encrypted using the key referred to by ‘ADABAS.KEY.LABEL’. Parameters required for the creation and use of encrypted database container datasets are shown in italics: 

//*  CREATE AND FORMAT NEW DATABASE CONTAINER DATASETS
//*
//FORMAT   EXEC  PGM=ADARUN
//DDASSOR1 DD  DSN=ADABAS.DB215.ASSOR1,DISP=(NEW,CATLG),
//             UNIT=3390,SPACE=(CYL,100),
//             DSKEYLBL='ADABAS.KEY.LABEL'
//DDDATAR1 DD  DSN=ADABAS.DB215.DATAR1,DISP=(NEW,CATLG),
//             UNIT=3390,SPACE=(CYL,300),
//             DSKEYLBL='ADABAS.KEY.LABEL'
//DDWORKR1 DD  DSN=ADABAS.DB215.WORKR1,DISP=(NEW,CATLG),
//             UNIT=3390,SPACE=(CYL,20),
//             DSKEYLBL='ADABAS.KEY.LABEL'
//DDPLOGR1 DD  DSN=ADABAS.DB215.PLOGR1,DISP=(NEW,CATLG),
//             UNIT=3390,SPACE=(CYL,20),
//             DSKEYLBL='ADABAS.KEY.LABEL'
//DDPLOGR2 DD  DSN=ADABAS.DB215.PLOGR2,DISP=(NEW,CATLG),
//             UNIT=3390,SPACE=(CYL,20),
//             DSKEYLBL='ADABAS.KEY.LABEL'
//DDDRUCK  DD  SYSOUT=*
//DDPRINT  DD  SYSOUT=*
//SYSUDUMP DD  SYSOUT=*
//DDCARD   DD  *
 ADARUN PROG=ADAFRM,DBID=215,SVC=249,DEVICE=3390,MODE=MULTI
 ADARUN ENCRYPTION=YES
//DDKARTE  DD  *
 ADAFRM ASSOFRM SIZE=100
 ADAFRM DATAFRM SIZE=300
 ADAFRM WORKFRM SIZE=20
 ADAFRM PLOGFRM SIZE=20,NUMBER=1
 ADAFRM PLOGFRM SIZE=20,NUMBER=2
//*
//*  DEFINE NEW DATABASE IN ENCRYPTED CONTAINER DATASETS
//*
//DEFINE   EXEC  PGM=ADARUN
//DDASSOR1 DD  DSN=ADABAS.DB215.ASSOR1,DISP=OLD
//DDDATAR1 DD  DSN=ADABAS.DB215.DATAR1,DISP=OLD
//DDWORKR1 DD  DSN=ADABAS.DB215.WORKR1,DISP=OLD
//DDDRUCK  DD  SYSOUT=*
//DDPRINT  DD  SYSOUT=*
//SYSUDUMP DD  SYSOUT=*
//DDCARD   DD  *
 ADARUN PROG=ADADEF,DBID=215,SVC=249,DEVICE=3390,MODE=MULTI
 ADARUN ENCRYPTION=YES
//DDKARTE  DD  *
 ADADEF DEFINE DBID=215,DBNAME='MY ENCRYPTED DB'
 ADADEF        ASSOSIZE=100,DATASIZE=300,WORKSIZE=20
 ADADEF        MAXFILES=255,FILE=1,CHECKPOINT
 ADADEF        MAXISN=1000,DSSIZE=10B,NISIZE=5B,UISIZE=3B

See sample job CRE010 in the AEZvrs.JOBS library.