Activate IFS Encryption (ACTIFSENC)

The Activate IFS Encryption (ACTIFSENC) command will activate an *INACTIVE entry in the IFS Encryption Registry.

TIP: It is strongly recommended to submit this command to batch.
NOTE: If Powertech Antivirus is installed on the system on which an IFS encryption entry is being activated, a scan will be performed as part of the activation step. Ensure the profile running the activation has an entry in the system directory.

The following users can use this command:

  • QSECOFR user profile (unless excluded in the Key Officer settings)
  • A user profile with *SECADM authority (unless excluded in the Key Officer settings)
  • A Key Officer who has a *YES specified for the "Maintain IFS Enc. Registry" authority setting
IMPORTANT: Specific authorities may be required for users running this command:

  • *RWX data authority and *ALL object authority to the directories and files to encrypt.

  • *CHANGE authority to the CRVL003 (Validation List object which contains the IFS Encryption Registry), CRPFIFS, CRPFIFSL1, CRPFIFSL2, CRPFIFSL3, CRPFIFSL4, CRPFIFS2 and CRPFIFSLOG files, which will be updated during this process.

  • *USE authority to the Authorization List assigned to this entry.

WARNING: Before using the ACTIFSENC command to encrypt production data, make sure you have performed the following steps:
  1. Verified you have all the previously listed authorities.
  2. Within a test environment, you should have tested ACTIFSENC, and tested your applications thoroughly with encrypted files.
  3. No applications or users should be currently using the directory(s) and files to encrypt.

  4. The ACTIFSENC command will perform a mass encryption of the files in the directory(s) to encrypt. You should allocate enough downtime for the ACTIFSENC to execute. Execution times will vary depending on the processor speed of your system, the number of files in the directory(s), and other activity running on the system at the time. In order to estimate the execution time for ACTIFSENC, you should run the ACTIFSENC command over some test files first.

  5. Check (and double check) the IFS entry settings using the DSPIFSENC command. Especially make sure the source and target directories are correct and that the include sub directories parameter is correct.

The ACTIFSENC command performs the following primary steps:

  1. Optional: Creates a backup of the IFS directory and subdirectories if INCSUBDIR is *YES (containing the files to encrypt) into a Save file named BACKUPxxxxx, where xxxxx is a sequential number from 1 to 99999. This backup file will be placed in the CRYPTO library.
  2. Performs a mass encryption of the current files in the directory, as well as its subdirectories if INCSUBDIR is *YES.
  3. Journaling will be started over the directory and if include subdirectories (INCSUBDIR) is *YES then the subdirectories will be journaled as well.
  4. The status of the IFS entry will be changed to *ACTIVE.

How to Get There

From the IFS Encryption Menu, choose option 10. Or, prompt (F4) the command CRYPTO/ACTIFSENC.

Options

IFS identifier (IFSID)

Enter the IFS identifier to activate.

Save IFS directory(s) and files (SAVDTA)

Indicate if directory(s) (containing the files to encrypt) should be saved (backed up) into a Save File before the activation process begins. It is highly recommended to save the directory(s) and files for error recovery purposes.

The possible values are:

*YES Save the directory(s) and files into a Save File before activation begins.
NOTE: The created Save File will be named BACKUPxxxxx, where xxxxx is a sequential number from 1 to 99999.

Before using this option, ensure that enough disk space is available for a saved copy of the directory(s) and files.

*NO Do not save the directory(s) and files before the activation process begins.