Encryption in a CA-IDMS database

Document ID : KB000125153
Last Modified Date : 31/01/2019
Show Technical Document Details
Introduction:
This document describes the options available for encrypting data in a CA-IDMS database.
Background:
Modern security attitudes dictate that encryption is becoming a more pressing concern in database implementations.
This article summarizes the possibilities within CA-IDMS.
Environment:
CA-IDMS, all supported releases.
Instructions:
The only component within CA-IDMS specifically designed for encrypting data is the support of the Pervasive Encryption introduced at z/OS 2.3.
However, this requires that the database files use VSAM as the file access method.
For more information, see Using Pervasive Encryption with CA IDMS.

Using VSAM as the file access method in a CA-IDMS database is much less prevalent than the standard IDMS method,  EXCP against PS datasets.
It is more widely used at VSE sites.
For documention on converting from one file access method to another, see Changing the Access Method of a File.

(Note: Some IDMS functionality does not support native VSAM files, for example file caching as is documented in DMCL Statements (scroll down to "Caching Files in Memory"). Support for native VSAM files (each VSAM record is read as a record in IDMS) and using VSAM as the access method (each VSAM record is an IDMS database page) are two very different things, and so functionality being documented as not supporting native VSAM does not mean it does not support VSAM as the access method.)

CA IDMS also has compression options which while they are not specifically designed for encryption, they can effectively be used to do so.
However, these compression options can only compress the data beyond the last key field (index or calc) in a database record layout, and cannot be used to compress data in an SQL defined database.
Encryption via compression in a CA IDMS database is documented in KB000020368.

There is also a third-party tool available - MegaCryption for CA-IDMS from ASPG.