Public and private keys and authorized key list - connect_cdc_sqdata - Latest

Connect CDC (SQData) Secure Communications Components

Product type
Software
Portfolio
Integrate
Product family
Connect
Product
Connect > Connect CDC (SQData)
Version
Latest
Language
English
Product name
Connect CDC (SQData)
Title
Connect CDC (SQData) Secure Communications Components
Copyright
2024
First publish date
2000
Last edition
2024-07-30
Last publish date
2024-07-30T19:55:16.493453

The Controller Daemon uses a Public / Private key mechanism to ensure component communications are valid and secure. A key pair must be created for the SQDaemon Job System User-ID and the User-ID's of all the Agent Jobs that interact with the Controller Daemon. On z/OS, by default, the private key is stored in SQDATA.NACL.PRIVATE and the public key in SQDATA.NACL.PUBLIC. These two files will be used by the Daemon in association with a sequential file containing a concatenated list of the Public Keys of all the Agents allowed to interact with the Controller Daemon. The Authorized Keys file must contain at a minimum, the public key of the SQDaemon job System User-ID and is usually created with a first node matching the user name running the SQDaemon job, in our example SQDATA.NACL.AUTH.KEYS.

The file must also include the Public key's of Engines running on zOS or other platforms. The Authorized Keys file is usually maintained by an administrator using ISPF.

JCL similar to sample member NACLKEYS included in the distribution executes the SQDutil utility program using the keygen command and should be used to generate the necessary keys and create the Authorized Key List file. The JCL should be edited to conform to the operating environment and the job must be run under the user-id that will be used when the Controller Daemon job is run.
//NACLKEYS JOB 1,MSGLEVEL=(1,1),MSGCLASS=H,NOTIFY=&SYSUID              
//*                                                                    
//*--------------------------------------------------------------------
//*   Generate NACL Public/Private Keys and optionally AKL file        
//*--------------------------------------------------------------------
//*   Required DDNAME:                                                
//*     SQDPUBL DD - File that will contain the generated Public Key  
//*     SQDPKEY DD - File that will contain the generated private Key  
//*                  ** This file and its contents are not to be shared
//*                                                                    
//*   Required parameters:                                            
//*      PARM - keygen    *** In lower case ***                        
//*      USER - The system USERID or high level qualifier of the      
//*             SQDATA libraries IF all Jobs will share Private Key.  
//*                                                                    
//*   Notes:                                                          
//*     1) This Job generates a new Public/Private Key pair, saves    
//*        them to their respective files and adds the Public Key      
//*        to an existing Authorized Key List, allocating a new        
//*        file for that purpose if necessary.                        
//*                                                                    
//*     2) An optional first step deletes the current set of files    
//*                                                                    
//*     3) Change the SET parms below for:                            
//*         HLQ - high level qualifier of the CDC Libraries            
//*         VER - the 2nd level qualifier of the CDC OBJLIB & LOADLIB  
//*         USER - the High Level Qualifier of the NACL Datasets      
//*--------------------------------------------------------------------
//*                                                                    
//     SET HLQ=SQDATA                                                  
//     SET VER=V400                                                    
//     SET USER=&SYSUID                                                
//*                                                                    
//JOBLIB   DD DISP=SHR,DSN=SQDATA..&VER..LOADLIB
//*                                                                    
//*-------------------------------------------------------------------
//* Optional: Delete Old Instance of the NACL Files                  
//*-------------------------------------------------------------------
//*DELOLD   EXEC PGM=IEFBR14                                          
//*SYSPRINT DD SYSOUT=*                                              
//*OLDPUB   DD DISP=(OLD,DELETE,DELETE),DSN=&USER..NACL.PUBLIC        
//*OLDPVT   DD DISP=(OLD,DELETE,DELETE),DSN=&USER..NACL.PRIVATE      
//*OLDAUTH  DD DISP=(OLD,DELETE,DELETE),DSN=SQDATA.NACL.AUTH.KEYS    
//*-------------------------------------------------------------------
//* Allocate Public/Private Key Files and Generate Public/Private Keys
//*-------------------------------------------------------------------
//SQDUTIL  EXEC PGM=SQDUTIL                                          
//SQDPUBL  DD DSN=&USER..NACL.PUBLIC,                                
//            DCB=(RECFM=FB,LRECL=80,BLKSIZE=21200),                  
//            DISP=(,CATLG,DELETE),UNIT=SYSDA,                        
//            SPACE=(TRK,(1,1))                                      
//SQDPKEY  DD DSN=&USER..NACL.PRIVATE,                                
//            DCB=(RECFM=FB,LRECL=80,BLKSIZE=21200),                  
//            DISP=(,CATLG,DELETE),UNIT=SYSDA,                        
//            SPACE=(TRK,(1,1))                                      
//SQDPARMS DD *                                                      
keygen                                                              
//SYSPRINT DD SYSOUT=*                                                
//SYSOUT   DD SYSOUT=*                                                
//SQDLOG   DD SYSOUT=*                                                
//*SQDLOG8  DD DUMMY                                                  
//*-------------------------------------------------------------------
//* Allocate the Authorized Key List File --> Used only by the Daemon
//*-------------------------------------------------------------------
//COPYPUB  EXEC PGM=IEBGENER                                          
//SYSPRINT DD SYSOUT=*                                                
//SYSIN    DD DUMMY                                                  
//SYSUT1   DD DISP=SHR,DSN=&USER..NACL.PUBLIC                        
//SYSUT2   DD DSN=SQDATA.NACL.AUTH.KEYS,                              
//            DCB=(RECFM=FB,LRECL=80,BLKSIZE=21200),                  
//            DISP=(MOD,CATLG),UNIT=SYSDA,SPACE=(TRK,(5,5))     

Notes:

  • Since the Daemon and Capture Agents and zOS Apply Engines may be running in the same LPAR/system, they frequently run under the same System User-ID, in that case they would share the same public/private key pair.
  • Changes are not known to the Daemon until the configuration files are reloaded, using the SQDmon Utility, or the sqdaemon process is stopped and started.