PURPOSE: The user can be identified as being authorized to access an encrypted Data Set (DS) or Data Index (DI) with the PERMIT KEY command.
These cipher keys are checked against encrypted DS’s and DI’s as they are accessed. A two hash code system is used so that the actual cipher keys are not available except when the cipher key is given in the PERMIT KEY command. The first hash code is stored in the Data Base Library (DBL) and is used to check that a valid cipher key was entered for that object. The second hash code is computed when the cipher key is entered and is used to cipher and decipher the data. The second hash code cannot be derived from the first, but requires the cipher key to compute it so it is only available at run time.
Up to 32 encrypted DS’s and DI’s may be accessed at one time through PERMIT KEY commands. ACCENT R maintains a table of DS and DI cipher keys with 32 entries. When entering the 33rd cipher key, the oldest entry in the table is overwritten.
SYNTAX
PERMIT KEY IS {cipher_key; TERMINAL}
|
cipher_key |
specifies the cipher key associated with the DS or DI. |
|
TERMINAL |
prompts the user for the cipher key from the screen. The cipher key does not echo on the screen when it is entered. |
Example
*PERMIT KEY IS TERMINAL<CR>NOTES: This command is not required to access a DS or DI that was encrypted without a user-supplied cipher key (auto-cipher) in the CIPHER DS or CIPHER DI commands.
An encrypted DS or DI can be accessed in another DBL by using the IN DBL clause. Before giving the command or Process Module (PM) statement that contains the IN DBL clause, enter the cipher key for the DS or DI.