Change IFS Encryption Key (CHGIFSKEY)

The Change IFS Encryption Key (CHGIFSKEY) command allows authorized users to change (rotate) the keys used for an entry in the IFS Encryption Registry.

Up to 99,999 keys can be rotated for a registry entry.

The following users can use this command:

QSECOFR user profile (unless excluded in the Key Officer settings)
A user profile with *SECADM authority (unless excluded in the Key Officer settings)
A Key Officer who has a *YES specified for the "Maintain IFS Enc. Registry" authority setting

This command requires that you have *CHANGE authority to the CRVL003 Validation List (*VLDL) object which contains the IFS Encryption Registry.

NOTE: The new key will only be used for future encryption processes of IFS files. Existing encrypted files will not be affected. In other words, this command will not re-encrypt existing encrypted IFS files with the new key.

How to Get There

On the Work with IFS Encryption Registry (WRKIFSENC) panel, choose option 10 for an IFS identifier.

Options

IFS identifier (IFSID)

Indicate the unique name of the IFS registry entry to change the keys for.

Encryption key label (ENCKEYLBL)

Indicate the label of the Symmetric Key to use for encrypting the IFS files.

Encryption key store name (ENCKEYSTR)

Indicate the object name and library of the Key Store which contains the Symmetric Key to use for encryption of the IFS files.

The users (or user groups) which need to encrypt values will need to have at least *USE authority to this Key Store object.

The possible values are:

key-store-name Enter the name of the Key Store.

*DEFAULT Use the default Key Store name specified at the Key Policy level.

The possible library values are:

library-name Enter the name of the library where the Key Store is located.

*LIBL Locate the Key Store within the library list.

Decryption key label (DECKEYLBL)

Indicate the label of the Symmetric Key to use for decrypting the IFS files.

The possible values are:

decryption-key-label Indicate the label of the key to use for decryption.

WARNING: If specifying a different key label than the label specified for encryption, then that decryption key should contain the same key value as the encryption key.

*ENCKEYLBL Use the same label as specified on the ENCKEYLBL parameter.

Decryption key store name (DECKEYSTR)

Indicate the object name and library of the Key Store which contains the Symmetric Key to use for decryption of the IFS files.

The users (or user groups) that need access to the decrypted values will need to have at least *USE authority to this Key Store object.

The possible values are:

key-store-name Enter the name of the Key Store.

*ENCKEYSTR Use the same Key Store as specified on the ENCKEYSTR parameter.

*DEFAULT Use the default Key Store name specified at the Key Policy level.

The possible library values are:

library-name Enter the name of the library where the Key Store is located.

*LIBL Locate the Key Store within the library list.

Copyright © Fortra, LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.
4.0 | 202307100156 | July 2023