256-bit AES encryption and sharing of security files.

Document ID : KB000016320
Last Modified Date : 14/02/2018
Introduction:

Running mixed AES 128 and AES 256 encryption across multiple security files that are kept in sync via CPF.

Question:

We are looking at implementing support for 256-bit AES encryption of passwords/password phrases.

This note was pointed out to me:

Important! A security file that has 256-bit AES encryption enabled cannot be shared with CA Top Secret r15 (and earlier) systems. If you want 256-bit AES encryption while sharing the file, ensure that all shared systems are at least Version 16.

I don't think our production and test LPARs share files. The only sharing I'm aware of is via CPF (the password propagation).

Should we wait until all LPARs are converted to r16, or can we implement the 256-bit AES encryption in test with r16 before we have upgraded production to r16?

Answer:

As long as you are not sharing the security file between r15 and r16, you can run mixed AES 128 and AES 256 on your systems, using CPF to keep the security files in sync.

If you plan on sharing the security files, then all systems sharing that security file should be using the same AES encryption.