Set Up Backup Encryption Using AS400 BRMS

One way to secure the data that we back up to a physical cartridge is encryption, so that the data cannot be read by unauthorized people. One method of backup encryption on the AS400 is encryption via BRMS. Before starting the encryption setup using BRMS, make sure the licensed programs BRMS Advanced feature (5770-BR1 Option 2) and Cryptographic Service Provider (5770-SS1 Option 44) are installed on your AS400. Here are the steps:

Generate Key

  • Add master key: ADDMSTPART MSTKEY(1) PASSPHRASE(put the key phrase)
  • Set master key: SETMSTKEY MSTKEY(1) (the MSTKEY value must match the master key number used in the previous step)
  • Create keystore file: CRTCKMKSF KEYSTORE(QUSRBRM/Q1AKEYFILE) MSTKEY(1) AUT(*LIBCRTAUT)
  • Generate keystore file entry: GENCKMKSFE KEYSTORE(QUSRBRM/Q1AKEYFILE) RCDLBL(TESTENC) KEYTYPE(*AES) KEYSIZE(32)

Set Up Media Policy

To use the key during the backup process, we simply add the key that we have created to the media policy. The key is added in the Encrypt Data section of the media policy.

Change Media Policy

Once the key and media policy have been set up, we can perform a test backup using BRMS (SAVOBJBRM, SAVLIBBRM and others). To find out whether the object we backed up is encrypted, we can use, for example, the WRKMEDIBRM command.

Sample WRKMEDIBRM

Press F11 three times to get to the Keystore page. If there are values in the Keystore File, Library and Label fields, then the object has been backed up using encryption.

Object already backed up using encryption

For details: How to Set up Encryption Environment to Perform Software Encryption
