Connect CDC SQData's Communications Architecture relies on encryption built on 32-byte public / private key pairs. Generating these key pairs is one of the functions performed by SQDutil. See the Secure Communications Guide for a detailed description of the Communications Architecture and how it uses the Networking and Cryptographic Library (NaCl).
Keygen generates NaCl key pairs.
sqdutil keygen [options]
Keyword | Description |
---|---|
-o \| --output= <directory_name>/<private_key_file_name> (Note: Linux, AIX and Windows only.) | Specifies the directory where the generated NaCl keys are stored and the file name of the private key. The public key will have the same file name with the .pub extension. If not specified, the defaults are the operating system specific "home" directory of the requesting user and the file names id_nacl and id_nacl.pub. |
-f \| --force (Linux, Unix and Windows only) | Force overwrite of the existing public / private keys. |
Sample
Below is an example of a public / private key pair as they appear in their respective files.
Public Key:
5Y3FJbqOSaaImePo7fMb4I9Zm3Cw8H1oa4gVoF9Tazg= SQDUSER1@ZOS10
Private Key:
-----BEGIN NACL PRIVATE KEY-----
L68x1APsG4Bhhv+gG4CYP3IdsSUX3fNSQ030RUy0T5I=
-----END NACL PRIVATE KEY-----
- On zOS, the public key is generated into the file/dataset specified in DD:SQDPUBL and the private key is generated into the file/dataset specified in DD:SQDPKEY.
- The Azure Key Vault is supported for components running on Linux. See Add NaCL Private Key to AKV under Operational Considerations.
Example 1
//*-----------------------------------------------------------------
//* GENERATES NACL KEYS FOR DAEMON COMMUNICATION
//*-----------------------------------------------------------------
//* PARMS MUST BE ENTERED IN LOWER CASE
//*
//* PARMS: keygen
//* Specifies that SQDUTIL should generate public/private
//* key and store them in the SQDPUBL DD / SQDPKEY DD, respectively
//* SQDPUBL: the public key that will be registered with the daemon
//* SQDPKEY: the private key that you should not share
//*-----------------------------------------------------------------
//JOBLIB DD DISP=SHR,DSN=SQDATA.Vnnn.LOADLIB
//*
//SQDUTIL EXEC PGM=SQDUTIL
//SYSPRINT DD SYSOUT=*
//SYSOUT DD SYSOUT=*
//SQDPUBL DD DSN=&SYSUID..NACL.PUBLIC,
// DCB=(RECFM=FB,LRECL=80,BLKSIZE=21200),
// DISP=(,CATLG,DELETE),UNIT=SYSDA,
// SPACE=(TRK,(1,1))
//SQDPKEY DD DSN=&SYSUID..NACL.PRIVATE,
// DCB=(RECFM=FB,LRECL=80,BLKSIZE=21200),
// DISP=(,CATLG,DELETE),UNIT=SYSDA,
// SPACE=(TRK,(1,1))
//*
//SQDPARMS DD *
keygen
/*
Example 2
The default syntax for Linux, AIX and Windows is identical and can be run at the command prompt or in a script:
sqdutil keygen
Example 3
Override the default location for application "abc" but use the recommended default file names and force them to be overwritten on Linux:
sqdutil keygen -o /var/opt/sqdata/abc/.nacl/id_nacl -f
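A post-generation check for the key files described on this page, as an added example that is not part of the product documentation or of sqdutil itself. It assumes the file layout shown in the Sample section (armored private key, `<base64> <user>@<host>` public key) and a `base64` command that accepts `-d`; the function names and the owner-only permission check are assumptions introduced here, not documented product requirements.

```shell
#!/bin/sh
# Added example (not product code): sanity-check a key pair written by
# "sqdutil keygen", assuming the file layout shown in the Sample section.

# Print the decoded length in bytes of a base64 string.
b64_len() {
    printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' '
}

# check_nacl_pair <private_key_file>
# The public key is expected at <private_key_file>.pub, as keygen names it.
# Returns 0 when both files look well-formed, a distinct non-zero code otherwise.
check_nacl_pair() {
    priv=$1
    pub=$1.pub
    [ -f "$priv" ] && [ -f "$pub" ] ||
        { echo "missing key file for $priv" >&2; return 1; }

    # Assumption: the private key should be accessible to its owner only.
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$priv" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$priv: readable or writable by group/others" >&2; return 2; }

    # Private key file: armor header, one base64 line, armor footer.
    [ "$(sed -n 1p "$priv")" = "-----BEGIN NACL PRIVATE KEY-----" ] &&
    [ "$(sed -n 3p "$priv")" = "-----END NACL PRIVATE KEY-----" ] ||
        { echo "$priv: unexpected armor lines" >&2; return 3; }
    [ "$(b64_len "$(sed -n 2p "$priv")")" = 32 ] ||
        { echo "$priv: key does not decode to 32 bytes" >&2; return 4; }

    # Public key file: "<base64> <user>@<host>" on the first line.
    [ "$(b64_len "$(sed -n 1p "$pub" | cut -d' ' -f1)")" = 32 ] ||
        { echo "$pub: key does not decode to 32 bytes" >&2; return 5; }
    return 0
}

# Stand-alone use: sh check_nacl.sh /var/opt/sqdata/abc/.nacl/id_nacl
if [ "$#" -gt 0 ]; then
    check_nacl_pair "$1"
fi
```

A non-zero return after running keygen with `-f` usually means the files were edited, truncated in transfer, or left with permissive modes.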