Deactivate IFS Encryption (DCTIFSENC)

The Deactivate IFS Encryption (DCTIFSENC) command allows authorized users to deactivate an *ACTIVE entry in the IFS Encryption Registry.



                   Deactivate IFS Encryption (DCTIFSENC)                  

                                                                            Type choices, press Enter.

                                                  

IFS identifier . . . . . . . . DATA       ____________      

Save directory(s). . . . . . .  *YES          *YES, *NO                                                                                                  

Screen Example:  DCTIFSENC Command with Sample Values

It is strongly recommended to submit this command to batch.

The following users can utilize this command:

  • QSECOFR user profile (unless excluded in the Key Officer settings)
  • A user profile with *SECADM authority (unless excluded in the Key Officer settings)
  • A Key Officer whom has a *YES specified for the "Maintain IFS Enc. Registry" authority setting

This command requires that you have *CHANGE authority to the CRVL003 Validation List (*VLDL) object which contains the IFS Encryption Registry.

IMPORTANT: Before using the DCTIFSENC command to decrypt IFS files, do the following steps:
  1. Make sure you have *ALL authority to the IFS directories containing the files to decrypt.
  2. Within a test environment, you should have tested DCTIFSENC and tested your applications thoroughly with decrypted files.
  3. No applications or users should be currently using the IFS directories containing the files to decrypt.

The DCTIFSENC command will perform a mass decryption of the IFS files in the encrypted directory(s). You should allocate enough downtime for the DCTIFSENC to execute. Execution times will vary depending on the processor speed of your system, the number of files in the directories, and other activity running on the system at the time. To estimate the execution time for DCTFLDENC, first run the DCTFLDENC command over some test files.

IMPORTANT: You should have at least *USE authority to the Authorization List assigned to this entry, as well as at least *USE authority to the Key Stores that contain the encryption and decryption Keys used by this entry.

The DCTIFSENC command performs the following primary steps:

  1. Optional: Creates a backup of the IFS directory and subdirectories if INCSUBDIR is *YES (containing the source files) into a Save file named BACKUPxxxxx, where xxxxx is a sequential number from 1 to 99999.
  2. Optional: Creates a backup of the IFS directory and subdirectories if INCSUBDIR is *YES (containing the encrypted files) into a Save file named BACKUPxxxxx, where xxxxx is a sequential number from 1 to 99999.
  3. Journaling will be stopped for the directories.
  4. Performs a mass decryption of the IFS files in the directories.
  5. The status of the IFS registry entry will be changed to *INACTIVE.

How to get there

From the IFS Encryption Menu, choose option 11. Or, prompt (F4) the command of CRYPTO/DCTIFSENC.

Options

IFS identifier (IFSID)

Specify the IFS identifier to deactivate.

Save database file (SAVDTA)

Indicate if the directory(s) containing the source files and the target directory(s) containing the encrypted files should be saved (backed up) into a Save File before the deactivation process begins. It is highly recommended to save the files for error recovery purposes.

The source files and the target (encrypted files) will be saved into two different backup files.

The possible values are:

*YES
Save the IFS files into a Save File before deactivation begins.
NOTE:
  • The created Save Files will be named BACKUPxxxxx, where xxxxx is a sequential number from 1 to 99999. The backup files will be placed in the CRYPTO library.
  • Before using this option, ensure that enough disk space is available for a saved copy of the files.
*NO
Do not save the files before the deactivation process begins.

 

Related Topics