CA Tape Encryption is a software-based encryption appliance that provides a convenient and secure method for automating the encryption and decryption of confidential data on tape volumes in the z/OS operating environment.
The product is designed to generate two types of encrypted tapes:
In-house tapes are internal tapes for use inside an organization. This category includes tapes for disaster recovery sites. Encrypt this type of tape using a symmetric key. The encryption key must be available when the tape is created and when the tape is read. The ICSF CKDS or BES database containing the symmetric keys used to encrypt the data must be available to the system doing the decryption. When performing decryption at a disaster recovery site or off-site location, you must first recover the CKDS if that is your key repository, and the BES database.
Business-to-Business (B2B) tapes are sent outside the organization, for example to another company or business partner. Encrypt the data on a B2B tape using a randomly generated symmetric key. Then have the symmetric key itself encrypted using the public key portion of the public key/private key pair of the business partner (the recipient of the tape).
For non-z/OS business partners, the randomly generated symmetric key is based on an electronic code book to maintain the integrity of the key rather than using public key/private key encryption techniques. Use the CA Tape Encryption Multiplatform Decryption Utility (MDU) Java client on supported non-z/OS platforms to decrypt files encrypted using this code book method.
For more information about the MDU, see Multiplatform Decryption Utility User Guide or the utility's online help.
With CA Tape Encryption installed, running a batch job which references an output tape dataset using LABEL=(1,SL,EXPDT=98000), it can happen to get the error:
BES1T0013E Non-B2B encryption for foreign tape
and the job abnormally ends.
How to bypass this error?