To create an encrypted database, allocate its container datasets as encrypted, format them and define the database:
Run ADAFRM ASSOFRM, DATAFRM and so on, specifying the database container datasets with DISP=(NEW,CATLG) and the encryption key label (DSKEYLBL parameter). Alternatively, the key label can be derived from the RACF profile or the SMS policy for each dataset.
Run ADADEF DEFINE on the database container datasets.
Step 1 is the only point in the lifetime of each dataset where its key label must be provided (via DSKEYLBL, RACF or SMS). The key label is then stored in the catalog entry for the dataset. Afterwards, it need not be specified and cannot be changed anymore.
When creating encrypted database container datasets, specify ADARUN parameter ENCRYPTION=YES in the ADAFRM job steps that format the datasets as well as in all later Adabas nucleus or utility jobs or started tasks that access any of the datasets.
In the following example, two job steps create, format, and define a database with ASSO, DATA, WORK and PLOG datasets that are encrypted using the key referred to by ‘ADABAS.KEY.LABEL’. Parameters required for the creation and use of encrypted database container datasets are shown in italics:
//* CREATE AND FORMAT NEW DATABASE CONTAINER DATASETS //* //FORMAT EXEC PGM=ADARUN //DDASSOR1 DD DSN=ADABAS.DB215.ASSOR1,DISP=(NEW,CATLG), // UNIT=3390,SPACE=(CYL,100), // DSKEYLBL='ADABAS.KEY.LABEL' //DDDATAR1 DD DSN=ADABAS.DB215.DATAR1,DISP=(NEW,CATLG), // UNIT=3390,SPACE=(CYL,300), // DSKEYLBL='ADABAS.KEY.LABEL' //DDWORKR1 DD DSN=ADABAS.DB215.WORKR1,DISP=(NEW,CATLG), // UNIT=3390,SPACE=(CYL,20), // DSKEYLBL='ADABAS.KEY.LABEL' //DDPLOGR1 DD DSN=ADABAS.DB215.PLOGR1,DISP=(NEW,CATLG), // UNIT=3390,SPACE=(CYL,20), // DSKEYLBL='ADABAS.KEY.LABEL' //DDPLOGR2 DD DSN=ADABAS.DB215.PLOGR2,DISP=(NEW,CATLG), // UNIT=3390,SPACE=(CYL,20), // DSKEYLBL='ADABAS.KEY.LABEL' //DDDRUCK DD SYSOUT=* //DDPRINT DD SYSOUT=* //SYSUDUMP DD SYSOUT=* //DDCARD DD * ADARUN PROG=ADAFRM,DBID=215,SVC=249,DEVICE=3390,MODE=MULTI ADARUN ENCRYPTION=YES //DDKARTE DD * ADAFRM ASSOFRM SIZE=100 ADAFRM DATAFRM SIZE=300 ADAFRM WORKFRM SIZE=20 ADAFRM PLOGFRM SIZE=20,NUMBER=1 ADAFRM PLOGFRM SIZE=20,NUMBER=2 //* //* DEFINE NEW DATABASE IN ENCRYPTED CONTAINER DATASETS //* //DEFINE EXEC PGM=ADARUN //DDASSOR1 DD DSN=ADABAS.DB215.ASSOR1,DISP=OLD //DDDATAR1 DD DSN=ADABAS.DB215.DATAR1,DISP=OLD //DDWORKR1 DD DSN=ADABAS.DB215.WORKR1,DISP=OLD //DDDRUCK DD SYSOUT=* //DDPRINT DD SYSOUT=* //SYSUDUMP DD SYSOUT=* //DDCARD DD * ADARUN PROG=ADADEF,DBID=215,SVC=249,DEVICE=3390,MODE=MULTI ADARUN ENCRYPTION=YES //DDKARTE DD * ADADEF DEFINE DBID=215,DBNAME='MY ENCRYPTED DB' ADADEF ASSOSIZE=100,DATASIZE=300,WORKSIZE=20 ADADEF MAXFILES=255,FILE=1,CHECKPOINT ADADEF MAXISN=1000,DSSIZE=10B,NISIZE=5B,UISIZE=3B
See sample job CRE010 in the AEZvrs.JOBS library.