Add a Field Encryption Pending Key (ADDPNDKEY)

When using Field Procedures, the Add a Field Encryption Pending Key (ADDPNDKEY) command allows authorized users to add a Pending key to a Field entry that can be used in the next key rotation process.

This command can be used for *ACTIVE field entries that use Field Procedures.

Up to 99,999 keys can be rotated for a field entry.

The following users can use this command:

• QSECOFR user profile (unless excluded in the Key Officer settings)
• A user profile with *SECADM authority (unless excluded in the Key Officer settings)
• A Key Officer who has a *YES specified for the "Maintain Field Enc. Registry" authority setting

This command requires that you have *CHANGE authority to the CRVL002 Validation List (*VLDL) object which contains the Field Encryption Registry.

How to Get There

In the File Field Encryption Menu, choose option 6.

Options

Field identifier (FLDID)

Indicate the unique name of the field entry to add the Pending key.

Encryption key label (ENCKEYLBL)

Indicate the label of the Symmetric Key to use in the Pending key.

Encryption key store name (ENCKEYSTR)

Indicate the object name and library of the Key Store which contains the Symmetric Key to use in the Pending key.

The users (or user groups) which need to encrypt values will need to have at least *USE authority to this Key Store object.

The possible values are:

The possible library values are:

Decryption key label (DECKEYLBL)

Indicate the label of the Symmetric Key to use for decrypting the field values.

The possible values are:

Decryption key store name (DECKEYSTR)

Indicate the object name and library of the Key Store which contains the Symmetric Key to use for decryption of the field.

The users (or user groups) that need access to the decrypted values will need to have at least *USE authority to this Key Store object.

The possible values are:

The possible library values are: