If you have followed the APIs by Example articles covering cryptographic key management in general and the new key management APIs introduced with release V5R4 in particular, you should now be able to establish a three-tier cryptographic key hierarchy that lets you create and manage master keys, key encryption keys, and data keys. For anyone needing to read up on this exciting topic, I’ve provided links to all previous articles below.
One important part is still missing in this exercise, however: how to actually put this key hierarchy to practical use in a common application context. For this purpose, I have created a couple of CL commands that act as an interface for creating and changing customer data records stored in a physical data file: Add Customer Record (ADDCUSRCD) and Change Customer Record (CHGCUSRCD). The scenario prompting the encryption effort is the following: one of the fields in the customer file contains information of a highly sensitive and confidential nature, and the data in this field must therefore be stored in an encrypted format.