The Makers of FDR®


Data Encryption for FDR, ABR and IDCAMS Backups

FDRCRYPT and FDRCAMS encrypt your FDR, ABR and IDCAMS REPRO backups, reducing the risk of data exposure, and protecting the data against unauthorised access by anyone that does not possess the proper encryption keys.
  • Various levels of software encryption are available, each offering varying strengths of encryption to be offset against CPU requirements.

  • Hardware encryption and hardware assists are also supported, which can significantly reduce the CPU and elapsed time overheads usually associated with encrypting data.
Why Encrypt My Backups?

The protection of your backups and the securing of the data on them is now required by many of today’s government, industry and corporate privacy and security laws and regulations. This includes the European Data Protection Directive, HIPAA, Sarbanes-Oxley, and DOD requirements, among others in Europe, the USA and other countries.

Data encryption now plays a key role in the protection of your backups - particularly any backups that are destined to go offsite or outside of your organization.

Software Encryption

FDRCRYPT and FDRCAMS offer various types of software encryption of varying strength. This allows you to balance the sensitivity of the data with the additional cost in CPU and elapsed time to encrypt that data.
  • TDES Triple Data Encryption Standard, uses the DES algorithm 3 times, with 3 different keys of 64 bits each (192 bits total) to encrypt the data.

  • AES uses a 128, 192 or 256-bit encryption key to do a repetitive transformation of the data. AES is the current standard for US government encryption.

  • CIPHER also uses a substitution table, and then each byte is moved to a different location in the data block.

All encryption algorithms are implemented entirely within FDRCRYPT and FDRCAMS and do not depend on any other installed encryption hardware or software. This ensures that the data can be decrypted (by FDRCRYPT or FDRCAMS) at any disaster site.

FDRCRYPT encryption is supported on all full volume, incremental, application and data set backups created by FDR, FDRINC and FDRAPPL.

Hardware Encryption

In addition to the software encryption described above, FDRCRYPT and FDRCAMS support the following hardware encryption and hardware assists:
  • AES hardware encryption on IBM z9 BC/EC processors (and their successors)

  • TDES on z890, z990 and z9 processors (and their successors).

  • The z/9 hardware assist (CPACF), which is a standard, no-cost feature on the z/9

Utilization of these hardware instructions can significantly reduce the CPU and elapsed time overheads usually associated with encryption.


As well as supporting all backup types created by the FDR DASD Management Family, FDRCRYPT also includes a sub-component called FDRCAMS, a front-end to IBM’s IDCAMS, which allows the encryption and decryption of output sequential data sets created by REPRO. The same encryption algorithms included in FDRCRYPT are also available under FDRCAMS.

With FDRCAMS, sequential copies of your VSAM or IAM files (or PS data sets) can be encrypted prior to shipment to other companies or government agencies. The encrypted data set can be on tape, or on disk for delivery via email or FTP. A free, unlicensed copy of FDRCAMS (called FDRDECRY) can then be downloaded from this website and then installed at the receiving location to allow the encrypted IDCAMS files to be decrypted.


If you are involved in the broader subject of your company’s data security, you may also be interested in FDRERASE, another security-related member of the FDR DASD Management Family.

FDRERASE is an EAL2+ certified product that can quickly erase many z/OS disk volumes in parallel, allowing you to erase your data in the minimum elapsed time.

On average, the ERASE function of FDRERASE can erase approximately 1.5Tb of data (per DASD controller) in 1 hour. Two FDRERASE jobs running against two separate DASD controllers could erase approximately 3Tb in 1 hour.

See the FDRERASE section for more details.

For more introductory information on FDRCRYPT, see the Product Portfolio Sheet

For more technical detail on FDRCRYPT, see the Tech Detail section.

return to top