Change IFS Encryption Entry (CHGIFSENC)

The Change IFS Encryption Entry (CHGIFSENC) command allows authorized users to change an entry in the IFS Encryption Registry.

This command is only allowed for changing an entry with an *INACTIVE status.

The following users can use this command:

  • QSECOFR user profile (unless excluded in the Key Officer settings)
  • A user profile with *SECADM authority (unless excluded in the Key Officer settings)
  • A Key Officer who has a *YES specified for the "Maintain IFS Enc. Registry" authority setting
NOTE: This command requires that you have *CHANGE authority to the CRVL003 Validation List (*VLDL) object, which contains the IFS Encryption Registry.
NOTE: The CHGIFSENC command only changes the settings in the IFS registry. It will not cause any action to be performed on the actual directory or files in the directory. The IFS entry will not be activated for encryption until the ACTIFSENC (Activate IFS Encryption) command is executed.
The encryption algorithm of the symmetric key will be used to determine the encryption algorithm with which the IFS files will be encrypted. For instance, if the symmetric key was created with AES-256, then the IFS files will also be encrypted with AES-256.

How to Get There

On the Work with IFS Encryption Registry (WRKIFSENC) panel, choose option 2 for an IFS identifier.

Options

IFS identifier (IFSID)

Indicate the unique name of the entry up to 30 characters.

Rules for IFS identifier:

  • The IFS identifier does not have to be the same name as the directory or files to encrypt. It is simply used as a way to identify this entry within IFS registry.
  • The IFS identifier cannot contain spaces or certain special characters.
  • The IFS identifier can contain underscore characters.
  • The IFS identifier is not case sensitive. It will be stored in upper case.
IFS directory to encrypt (SRCDIR)

The maximum size of the directory name is 256 bytes. The maximum size of any filename is 256 bytes. Specify the path of the IFS directory containing the files to be encrypted. For instance: '/HR/PayrollData'

Include subdirectories (INCSUBDIR)

Indicate if the files within the directory's subdirectories are to be encrypted.

The possible values are:

*YES Files within the subdirectories will also be encrypted.
*NO Files within the subdirectories will NOT be encrypted.
Encrypted files storage folder (SRCDIR)

The maximum size of the directory name is 256 bytes. Specify the path of the IFS directory to store the encrypted versions of the files. If this directory does not exist, then it will be created. If this is an existing directory, then it cannot contain existing files.

The possible values are:

*DEFAULT The encrypted versions of the files will be stored under the '/CryptoDisk' directory using the same directory name as specified for the SRCDIR parameter. For instance: '/CryptoDisk/HR/PayrollData'
ifs-directory-name Specify the full path to the IFS directory name to store the encrypted versions of the IFS files. For instance: '/Encrypted/HR/PayrollData'
Authorization list for decryption (AUTLDEC)

Indicate the i5/OS Authorization List that should be used to determine which users have authority to decrypt the IFS files.

The possible values are:

authorization-list-name Indicate the name of the Authorization List. An Authorization List can be created with the IBM i command CRTAUTL. The users (or user groups) which need access to the decrypted IFS files will need at least (*USE) authority to the Authorization List.

*NONE An Authorization List should not be used by the IFS decrypt operations. Therefore the user can gain access to the decrypted files as long as they have object authority to the IFS file and at least *USE authority to the Key Store which holds the Decryption Key.
Journal location (JRNLOC)

Indicate the location of the journal and related objects.

The possible values are:

*DEFAULT The location for all related objects will be in the CRYPTO library. Also the name of the journal will be CRJNI001. No further changes will need to be made.

*IASP The location of the objects will need to be entered into the CRCONFIG file located in the CRYPTO library and the objects will need to be copied into the IASP library designated.
 
The following objects will need to be copied into the IASP library:
 
  • CRPFIFS PHYSICAL FILE
  • CRPFIFSL1 LOGICAL FILE
  • CRPFIFSL2 LOGICAL FILE
  • CRPFIFSL3 LOGICAL FILE
  • CRPFIFSL4 LOGICAL FILE
  • CRPFIFS2 PHYSICAL FILE
  • CRVL003 VALIDATION LIST
  • CRJNI001 JOURNAL CRJRI001 JOURNAL RECEIVER
  • CRLSTSEQ DATA AREA
  • CRVERSION DATA AREA

The following entries will need to be added into the CRCONFIG file:

  • IFS_IASP_CRPFIFS_LIBRARY
  • IFS_IASP_CRPFIFS2_LIBRARY
  • IFS_IASP_REGISTRY_LIBRARY
  • IFS_IASP_JOURNAL_LIBRARY
  • IFS_IASP_LAST_SEQ_DTAARA_LIBRARY
  • IFS_IASP_SERVER_RUN_DTAARA_LIBRARY
*LOC1 The location of the objects will need to be entered into the CRCONFIG file located in the CRYPTO library and the objects will need to be copied into the LOC1 library designated. The IFS Encryption Registry(CRVL003) will need to be in the CRYPTO library.
 
The following objects will need to be copied into the LOC1 library:
 
  • CRPFIFS PHYSICAL FILE
  • CRPFIFSL1 LOGICAL FILE
  • CRPFIFSL2 LOGICAL FILE
  • CRPFIFSL3 LOGICAL FILE
  • CRPFIFSL4 LOGICAL FILE
  • CRJNI001 JOURNAL
  • CRJRI001 JOURNAL RECEIVER
  • CRLSTSEQ DATA AREA
  • CRVERSION DATA AREA
The following entries will need to be added into the CRCONFIG file:
  • IFS_LOC1_CRPFIFS_LIBRARY
  • IFS_LOC1_REGISTRY_LIBRARY
  • IFS_LOC1_JOURNAL_LIBRARY
  • IFS_LOC1_LAST_SEQ_DTAARA_LIBRARY
  • IFS_LOC1_SERVER_RUN_DTAARA_LIBRARY
*LOC2 The location of the objects will need to be entered into the CRCONFIG file located in the CRYPTO library and the objects will need to be copied into the LOC2 library designated. The IFS Encryption Registry(CRVL003) will need to be in the CRYPTO library.
 
The following objects will need to be copied into the LOC2 library:
  • CRPFIFS PHYSICAL FILE
  • CRPFIFSL1 LOGICAL FILE
  • CRPFIFSL2 LOGICAL FILE
  • CRPFIFSL3 LOGICAL FILE
  • CRPFIFSL4 LOGICAL FILE
  • CRJNI001 JOURNAL
  • CRJRI001 JOURNAL RECEIVER
  • CRLSTSEQ DATA AREA
  • CRVERSION DATA AREA

The following entries will need to be added into the CRCONFIG file:

  • IFS_LOC2_CRPFIFS_LIBRARY
  • IFS_LOC2_REGISTRY_LIBRARY
  • IFS_LOC2_JOURNAL_LIBRARY
  • IFS_LOC2_LAST_SEQ_DTAARA_LIBRARY
  • IFS_LOC2_SERVER_RUN_DTAARA_LIBRARY
*LOC3 The location of the objects will need to be entered into the CRCONFIG file located in the CRYPTO library and the objects will need to be copied into the LOC3 library designated. The IFS Encryption Registry(CRVL003) will need to be in the CRYPTO library.
 
The following objects will need to be copied into the LOC3 library:
  • CRPFIFS PHYSICAL FILE
  • CRPFIFSL1 LOGICAL FILE
  • CRPFIFSL2 LOGICAL FILE
  • CRPFIFSL3 LOGICAL FILE
  • CRPFIFSL4 LOGICAL FILE
  • CRJNI001 JOURNAL
  • CRJRI001 JOURNAL RECEIVER
  • CRLSTSEQ DATA AREA
  • CRVERSION DATA AREA

The following entries will need to be added into the CRCONFIG file:

  • IFS_LOC3_CRPFIFS_LIBRARY
  • IFS_LOC3_REGISTRY_LIBRARY
  • IFS_LOC3_JOURNAL_LIBRARY
  • IFS_LOC3_LAST_SEQ_DTAARA_LIBRARY
  • IFS_LOC3_SERVER_RUN_DTAARA_LIBRARY
*LOC4 The location of the objects will need to be entered into the CRCONFIG file located in the CRYPTO library and the objects will need to be copied into the LOC4 library designated. The IFS Encryption Registry(CRVL003) will need to be in the CRYPTO library.
 
The following objects will need to be copied into the LOC4 library:
  • CRPFIFS PHYSICAL FILE
  • CRPFIFSL1 LOGICAL FILE
  • CRPFIFSL2 LOGICAL FILE
  • CRPFIFSL3 LOGICAL FILE
  • CRPFIFSL4 LOGICAL FILE
  • CRJNI001 JOURNAL
  • CRJRI001 JOURNAL RECEIVER
  • CRLSTSEQ DATA AREA
  • CRVERSION DATA AREA

The following entries will need to be added into the CRCONFIG file:

  • IFS_LOC4_CRPFIFS_LIBRARY
  • IFS_LOC4_REGISTRY_LIBRARY
  • IFS_LOC4_JOURNAL_LIBRARY
  • IFS_LOC4_LAST_SEQ_DTAARA_LIBRARY
  • IFS_LOC4_SERVER_RUN_DTAARA_LIBRARY
*LOC5 The location of the objects will need to be entered into the CRCONFIG file located in the CRYPTO library and the objects will need to be copied into the LOC5 library designated. The IFS Encryption Registry(CRVL003) will need to be in the CRYPTO library.
 
The following objects will need to be copied into the LOC5 library:
  • CRPFIFS PHYSICAL FILE
  • CRPFIFSL1 LOGICAL FILE
  • CRPFIFSL2 LOGICAL FILE
  • CRPFIFSL3 LOGICAL FILE
  • CRPFIFSL4 LOGICAL FILE
  • CRJNI001 JOURNAL
  • CRJRI001 JOURNAL RECEIVER
  • CRLSTSEQ DATA AREA
  • CRVERSION DATA AREA

The following entries will need to be added into the CRCONFIG file:

  • IFS_LOC5_CRPFIFS_LIBRARY
  • IFS_LOC5_REGISTRY_LIBRARY
  • IFS_LOC5_JOURNAL_LIBRARY
  • IFS_LOC5_LAST_SEQ_DTAARA_LIBRARY
  • IFS_LOC5_SERVER_RUN_DTAARA_LIBRARY