2.2 DES Key Management

The z/OS Platform Services Process uses DES encryption for communication with core drivers.

A given transaction between the Platform Services Process and a core driver is encrypted using a single-use session key. The key is assigned by the core driver and consists of a pseudo-random number encrypted with the key of the platform.

Core drivers obtain the DES key for a given platform from its Platform object in the ASAM System container. You use the Web interface to enter this information. For details about using the Web interface to set the attributes of a Platform object, see the Core Driver Administration Guide.

The Platform Services Process obtains the DES key from the platform configuration file KEY statement. For information about the platform configuration file, see the Platform Services Planning Guide and Reference.

If the DES key used by a core driver for a given platform and the DES key used by the platform are not identical, communication attempts fail.

So that you can change the DES key for a platform, core drivers can use the previous key within a time interval that you specify. Core drivers always try the current key first. If that attempt is unsuccessful and the time interval has not expired, the core driver tries the previous key.

To change the DES key for a platform:

  1. Use the Web interface to specify the new key for the platform. Specify an interval before the old key expires that is long enough for you to change the key on the platform. For details about how to specify the encryption key that core drivers use for a given platform, see the Core Driver Administration Guide.

  2. Update the KEY statement in the platform configuration file of the platform with the new key value. For details about the platform configuration file, see the Platform Services Planning Guide and Reference.
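
The following added example (not code from the product) models the key fallback rule and the two-step change procedure above, showing what happens if the platform's KEY statement is updated inside or outside the interval. The names `PlatformKeys`, `select_key` and `platform_with` are hypothetical, the keys and times are constructed, and a simple key match stands in for a real DES-encrypted communication attempt.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Optional

@dataclass
class PlatformKeys:
    """Hypothetical model of what a core driver holds for one platform."""
    current: bytes             # key entered in step 1
    previous: Optional[bytes]  # key that was current before the change
    changed_at: datetime       # when the new key was specified
    interval: timedelta        # how long the previous key may still be tried

def select_key(keys: PlatformKeys, attempt: Callable[[bytes], bool],
               now: datetime) -> Optional[str]:
    """Try the current key first; fall back to the previous key only if
    the attempt failed and the interval has not expired."""
    if attempt(keys.current):
        return "current"
    # Assumption: "not expired" means strictly before changed_at + interval.
    if keys.previous is not None and now < keys.changed_at + keys.interval:
        if attempt(keys.previous):
            return "previous"
    return None  # keys are not identical: communication fails

def platform_with(key: bytes) -> Callable[[bytes], bool]:
    """Stand-in for a platform whose KEY statement holds `key`:
    an attempt succeeds only when the driver uses the same key."""
    return lambda candidate: hmac.compare_digest(candidate, key)

# Constructed sample values, not real keys.
OLD, NEW = b"constructed-old-key", b"constructed-new-key"
T0 = datetime(2024, 1, 1, 12, 0)
KEYS = PlatformKeys(NEW, OLD, changed_at=T0, interval=timedelta(hours=4))

def rotation_timeline() -> list:
    return [
        # Step 1 done, step 2 pending, inside the interval: previous key works.
        select_key(KEYS, platform_with(OLD), T0 + timedelta(hours=1)),
        # Step 2 done: the current key works on the first try.
        select_key(KEYS, platform_with(NEW), T0 + timedelta(hours=2)),
        # Step 2 never done and the interval expired: communication fails.
        select_key(KEYS, platform_with(OLD), T0 + timedelta(hours=5)),
    ]

if __name__ == "__main__":
    print(rotation_timeline())
```

The third case is the one to plan for: if the interval is shorter than the time needed to update the KEY statement, the platform is cut off until its configuration file is corrected.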