Work with Misc Settings

When using the new CRCONFIG file to set up the IFS encryption, you need to use the following steps to setup and run the IFS Encryption processes.

In all cases the CRCONFIG file must be in the CRYPTO library. When the file is not found or a setting is not found then the default settings are used.

The WRKCONFIG command allows you to change the settings in the CRCONFIG file. In the new version the WRKCONFIG command will be located on the “Product information” menu.

Below are the default settings in the file when installed.

Name Value
Default Settings  
EXTFILE_USECMTCTRL YES
IFS_ASPNAME ______  
IASP Settings  
IFS_IASP_CRYPTO_OBJECTS_LIBRARY CRYPTO
IFS_IASP_FILES_JOURNALLED_BY_THIRD_PARTY NO
IFS_IASP_JOURNAL_LIBRARY CRYPTO
IFS_IASP_JOURNAL_NAME CRJNI001
LOC1 Settings  
IFS_LOC1_CRYPTO_OBJECTS_LIBRARY CRYPTO
IFS_LOC1_FILES_JOURNALLED_BY_THIRD_PARTY NO
IFS_LOC1_JOURNAL_LIBRARY CRYPTO
IFS_LOC1_JOURNAL_NAME CRJNI001
LOC2 Settings  
IFS_LOC2_CRYPTO_OBJECTS_LIBRARY CRYPTO
IFS_LOC2_FILES_JOURNALLED_BY_THIRD_PARTY NO
IFS_LOC2_JOURNAL_LIBRARY CRYPTO
IFS_LOC2_JOURNAL_NAME CRJNI001
LOC3 Settings  
IFS_LOC3_CRYPTO_OBJECTS_LIBRARY CRYPTO
IFS_LOC3_FILES_JOURNALLED_BY_THIRD_PARTY NO
IFS_LOC3_JOURNAL_LIBRARY CRYPTO
IFS_LOC3_JOURNAL_NAME CRJNI001
LOC4 Settings  
IFS_LOC4_CRYPTO_OBJECTS_LIBRARY CRYPTO
IFS_LOC4_FILES_JOURNALLED_BY_THIRD_PARTY NO
IFS_LOC4_JOURNAL_LIBRARY CRYPTO
IFS_LOC4_JOURNAL_NAME CRJNI001
LOC5 Settings  
IFS_LOC5_CRYPTO_OBJECTS_LIBRARY CRYPTO
IFS_LOC5_FILES_JOURNALLED_BY_THIRD_PARTY NO
IFS_LOC5_JOURNAL_LIBRARY CRYPTO
IFS_LOC5_JOURNAL_NAME CRJNI001

Configuration Settings when in the IFS Encryption Registry the Journal Location (JRNLOC) field is set to *DEFAULT

This is used for all normal IFS Encryption. *ASP is used for IASP replication. *LOCx are used when a third party Journal is being used to journal a directory you want to encrypt.

    When the Journal Location for a field is *DEFAULT then no records need to be added to the CRCONFIG file. Use the WRKCONFIG command to enter or change the objects.

The following objects will already exist in the CRYPTO library and must stay there.

1. CRVL003 *VLDL IFS Encryption Registry
2. CRPFIFS *PF IFS Encryption Information
3. CRPFIFSL1 *LF  
4. CRPFIFSL2 *LF  
5. CRPFIFSL3 *LF  
6. CRPFIFSL4 *LF  
7. CRPFIFS2 *PF IFS Encryption Changes File
8. CRPFIFSPRC *PF IFS Encryption Changes File
9. CRPFIFSPR1 *LF  
10. CRJNI001 *JRN Journal
11. CRJRI001 *JRNRCV Journal Receiver
12. CRLSTSEQ *DTAARA Keeps track of the Last Receiver and Seq Number
13. CRSRVRUN *DTAARA Used to let the server program know to End.

Configuration Settings when in the IFS Encryption Registry the Journal Location (JRNLOC) field is set to *IASP

*IASP is used for IASP replication is used on a system. The default objects will still exist in the CRYPTO library.

When the Journal Location for a field is *IASP then the following setup needs to be done.

  1. Create or designate an IASP library to hold the Powertech Encryption for IBM i objects created below that need to be copied from the CRYPTO library.
  2. All of the objects below must exist in the IASP Library. These objects should only hold information about the IASP files.
    1. CRPFIFS
    2. CRPFIFSL1
    3. CRPFIFSL2
    4. CRPFIFSL3
    5. CRPFIFSL4

    6. CRPFIFSPRC

    7. CRPFIFSPR1

    8. Journal Receiver. Use the following command CRTJRNRCV JRNRCV(IASPLIB/CRJRI001)
    9. Journal. Use the following command CRTJRN JRN(IASPLIB/CRJNI001) JRNRCV(IASPLIB/CRJRI001)
    10. CRLSTSEQ
    11. CRSRVRUN
  3. Create a DDM file in the CRYPTO library called CRPFIFSA over the CRPFIFS file in the CRASP library. For example if my IASP name is IASP1 and my library in the IASP I am using is CRASP then use the following command.
    1. CRTDDMF FILE(CRYPTO/CRPFIFSA) RMTFILE(CRASP/CRPFIFS) RMTLOCNAME(*RDB) RDB(IASP1)
  4. The CRCONFIG file in library CRYPTO must have the following records added and set. Use the WRKCONFIG command to enter or change the records.
    1. IFS_IASP_CRYPTO_ OBJECTS_LIBRARY
      1. The value must be the library that holds the new objects created above. This must not be CRYPTO.
    2. IFS_IASP_FILES_JOURNALLED_BY_THIRD_PARTY  *NO
    3. IFS_IASP_JOURNAL_LIBRARY
      1. The value must be the library that holds the journal. This must not be CRYPTO.
    4. IFS_IASP_JOURNAL_NAME
  5. The authorities for these objects should be the same as for the ones in the CRYPTO Library.
  6. The CRPFIFS file must be empty.
  7. The CRLSTSEQ Data Area holds the current Journal receiver name in the first 10 characters. This should be changed to the current Journal Receiver for the journal that is journaling the directory.
    1. 'CRJRI001 000000000000001'
  8. The CRLSTSEQ Data Area holds the last sequence number read in the current Journal receiver in the last 15 characters. This should be changed to the last sequence number in the Current Journal Receiver for the journal that is journaling the directory.
  9. The CRSRVRUN Data Area should be set to “N”.
  10. Create an IFS Encryption Registry Entry in the (CRVL003) located in the CRYPTO library and set the JRNLOC value to *IASP.
  11. Start the IFSENCJOBA by using the following command.
    1. STRIFSENCJ JRNLOC(*IASP)
  12. Activate the Entry. This process will make sure that the IASP Library is available to the job. If the library is not then the SETASPGRP command will be ran. If the command fails then the Activate will fail.
IFS_IASP_CRYPTO_OBJECTS_LIBRARY The IASP Library that holds the copied objects from the CRYPTO Library.
  1. CRPFIFS
  2. CRPFIFSL1
  3. CRPFIFSL2
  4. CRPFIFSL3
  5. CRPFIFSL4

  6. CRPFIFSPRC

  7. CRPFIFSPR1

  8. Journal object. If you are using the same naming convention as Powertech Encryption for IBM i does, then the name would be CRJNI001.
  9. Journal Receiver objects. If you are using the same naming convention as Powertech Encryption for IBM i does, then the name would be CRJRI001.
  10. CRLSTSEQ
  11. CRSRVRUN
IFS_IASP_FILES_JOURNALLED_BY_THIRD_PARTY Value should be NO when encrypting an IASP directory
IFS_IASP_JOURNAL_LIBRARY The IASP Library that holds the Journal to be used.
IFS_IASP_JOURNAL_NAME The Journal name .

Configuration Settings when in the IFS Encryption Registry the Journal Location (JRNLOC) field is set to *LOC1 through *LOC5

*LOCx is used when a directory is already being journaled by a third party journal.

When the Journal Location (JRNLOC) for a field is *LOC1, *LOC2, *LOC3, *LOC4 or *LOC5, then the following setup needs to be done.

  1. Check that the directory and all files in the directory are being journaled by using the following:
  2. WRKLNK ‘/DirectoryName’
    1. Enter option 8 next to the directory and the files to make sure they are journaled. The Directory and the files must be journaled. The journal information will be on the 4th or 5th page. Take note of the journal Library and Name.
  3. Once you know the Journal Library and Journal Name use the command WRKJRN to view the Journal Information.
    1. Take option 8 to get the Attached receiver. Make note of the receiver name.
    2. Press F17 from there to get the Last sequence number.
  4. Create or designate a library to hold the Powertech Encryption for IBM i objects created in the next step below. These objects can be copied from the CRYPTO library. Make sure the CRPFIFS file is empty in the new library.
  5. All of the objects below must be copied to the new Library designated above.
    1. CRPFIFS Physical File
    2. CRPFIFSL1 Logical File over CRPFIFS
    3. CRPFIFSL2 Logical File over CRPFIFS
    4. CRPFIFSL3 Logical File over CRPFIFS
    5. CRPFIFSL4 Logical File over CRPFIFS

    6. CRPFIFSPRC Physical File

    7. CRPFIFSPR1 Logical File over CRPFIFSPRC

    8. CRLSTSEQ Data Area
    9. CRSRVRUN Data Area
  6. The authorities for these objects should be the same as for the ones in the CRYPTO Library.
  7. The CRPFIFS file must be empty.
  8. The CRLSTSEQ Data Area holds the current Journal receiver name in the first 10 characters and the last 15 characters holds the Last Sequence Number of the current Journal. For example. 'CRJRI010 000000000000235'
    1. Change the first 10 characters to hold the current Journal receiver name found above.
    2. Change the last 15 characters to hold Last Sequence Number of the current Journal found above. Be sure to include the leading zeros.
  9. The CRSRVRUN Data Area should be set to “N”.
  10. The CRCONFIG file must have the following records added. Use the WRKCONFIG command to enter or change the objects.
    1. IFS_LOCx_CRYPTO_ OBJECTS_LIBRARY
      1. The value must be the library that holds the new objects created above. This must not be CRYPTO.
    2. IFS_LOCx_FILES_JOURNALLED_BY_THIRD_PARTY
    3. IFS_LOCx_JOURNAL_LIBRARY
      1. The value must be the library that holds the journal. This must not be CRYPTO.
    4. IFS_LOCx_JOURNAL_NAME
  11. Create an IFS Encryption Registry Entry in the (CRVL003) located in the CRYPTO library and set the JRNLOC value to the appropriate value. Either *LOC1, *LOC2, *LOC3, *LOC4 or *LOC5.
  12. Start the IFSENCJOBx (where x is 1 thru 5) by using the following command.
    1. STRIFSENCJ JRNLOC(*LOCx)
  13. Activate the Entry in the IFS Registry.
IFS_LOCx_CRYPTO_OBJECTS_LIBRARY The Library that holds the copied objects from the CRYPTO Library.
  1. CRPFIFS
  2. CRPFIFSL1
  3. CRPFIFSL2
  4. CRPFIFSL3
  5. CRPFIFSL4

  6. CRPFIFSPRC

  7. CRPFIFSPR1

  8. Journal object.
  9. Journal Receiver object
  10. CRLSTSEQ
  11. CRSRVRUN
IFS_LOCx_FILES_JOURNALLED_BY_THIRD_PARTY Value should be YES when using these options.
IFS_LOCx_JOURNAL_LIBRARY The Library that holds the Journal to be used.
IFS_LOCx_JOURNAL_NAME The Journal name .