A PGParchive (filename.pga) can be decrypted on z/OS TSO/batch, z/OS USS, Linux/Unix, or Windows® platforms by means of the PGParchive reader, a freely distributable part of the SDS E-Business Server.
An SDA (filename.sda.exe) can decrypt itself on Windows.
PGParchives and SDAs use conventional encryption. The encrypter/sender needs to separately and securely supply a passphrase.
For PGParchives, the receiver needs to download the reader utility from this web page.
*Follow the instructions below or download this PDF.
Instructions follow for:
- Linux/Unix
- Windows
- z/OS USS
- z/OS TSO/batch
- Moving across platforms
- What version?
Linux/Unix, decrypting PGParchives
The sender supplies the archive file and the passphrase.
Copy the ebsreader file to the Linux/Unix system. Click for…
AIX, HP-UX, Linux 32-bit, Linux 64-bit, Solaris
Decrypt with a command like the following:
./ebsreader [] [--overwrite]
is the PGParchive to be decrypted.
Output goes to the current directory or to the .
–overwrite means that the reader will not prompt before overwriting an existing file.
At execution, the reader will prompt for the passphrase.
Windows, decrypting PGParchives
The sender supplies the archive file and the passphrase.
Copy EBSReader.exe to the Windows system. Click for…
To decrypt, double-click on the archive file (typically *.pga).
Windows will prompt for an opener program. Direct it to EBSreader.exe.
Answer the reader’s prompt for the passphrase.
Then browse the Windows file system to specify an output directory.
Or, at a command line, execute a command like the following:
EBSreader.exe [] [--overwrite] [--no-gui]
is the PGParchive to be decrypted.
Output goes to the current directory or to the .
–overwrite means that the reader will not prompt before overwriting an existing file.
–no-gui means the reader will not generate Windows diaologue boxes.
At execution, the reader will prompt for the passphrase.
Windows, decrypting SDAs
The sender supplies the archive file and the passphrase.
Double-click on the archive file (typically *.sda.exe).
Answer the prompt for the passphrase.
Then browse the Windows file system to specify the output directory.
z/OS USS, decrypting PGParchives
The sender supplies the archive file and the passphrase.
Copy the pgpreader file to the USS system.
Below are details about download and decompress a tar file.
1. At this web page, click to download the file pgpreader-uss.tar
2. Transfer that file to z/OS USS via binary FTP:
> ftp ipAddressOfZosMachine
User: username
Password: password
ftp> bin
ftp> put /path/pgpreader-uss.tar /path/pgpreader-uss.tar
ftp> quit
3. On z/OS USS, extract the file pgpreader:
tar -xvf pgpreader-uss.tar
Decrypt with a command like the following:
./pgpreader [] [--overwrite]
is the PGParchive to be decrypted.
Output goes to the current directory or to the .
–overwrite means that the reader will not prompt before overwriting an existing file.
At execution, the reader will prompt for the passphrase.
z/OS TSO/batch, decrypting PGParchives
The sender supplies the archive file and the passphrase.
Receive the dataset member READER into a z/OS loadlib.
Below are details about download and receive.
1. On z/OS, allocate a sequential dataset:
hlq.PGPREADR.XMIT, organization PS, format FB, record length 80, block size 3120, space 1 cylinder.
//CREATE1 EXEC PGM=IEFBR14
//DDI DD DSN=hlq.PGPREADR.XMIT
// DISP=(NEW,CATLG),UIT=SYSALLDA,
// DCB=(RECFM=FB,LRECL=80,BLKSIZE=3120,
// DSORG=PS),SPACE=(CYL,(1,1)))
//SYSIN DD *
2. At this web page, click to download the file pgpreadr.xmit in TSO XMIT format.
3. Transfer that file to the MVS dataset via binary FTP:
> ftp ipAddressOfZosMachine
User: username
Password: password
ftp> bin
ftp> put pgpreadr.xmit 'hlq.PGPREADR.XMIT' (REPL
ftp> quit
4. On z/OS TSO, receive the file with two commands:
RECEIVE INDSNAME('hlq.PGPREADR.XMIT')
[ENTER]
DA('hlq.PGPREADR.PDS')
[ENTER]
On TSO, decrypt files with a command like the following:
TSO CALL ‘hlq.PGPREADR.PDS(READER)’
The READER will prompt for the name of the archive file, then its passphrase.
Note that the output reproduces the original file names, and the first node of a file name becomes the HLQ. Invalid HLQs will cause security and access problems. The problem needs to be avoided at the encryption end, by renaming files.
To decrypt with a batch job, below is the sample JCL.
//PGPREADR JOB (),'NAME',CLASS=A,MSGCLASS=X,NOTIFY=&SYSUID,MSGLEVEL=(1,1)
//*-------------------------------------------------------------*/
//* Sample job to decrypt PGParchive on MVS */
//* First statement in SYSIN is PGA file name */
//* Second statement in SYSIN is passphrase (case sensitive) */
//*-------------------------------------------------------------*/
//RDR EXEC PGM=READER,PARM='2>&1'
//STEPLIB DD DISP=SHR,DSN=hlq.PGPREADR.PDS
//SYSIN DD *
'MY.ARCHIVE.PGA'
the passphrase goes here
/*
Moving across platforms
All binary, never text:
- Archived, encrypted data is always binary, never text.
- Decryption does not translate ASCII to EBCDIC, or EBCDIC to ASCII.
- Decrypted data retains its original line-break characters:
EBCDIC:0x15, Linux/Unix:0x0A, Windows:0x0D0x0A.
From elsewhere, to z/OS:
- Decryption on z/OS reproduces original file names. On z/OS TSO/batch, those file names need to obey z/OS TSO naming requirements.
- On z/OS TSO/batch, no directory structure or subdirectory files are preserved. Decryption outputs all the files as sibling datasets.
- On z/OS TSO/batch, original files residing in subdirectories are only restored if they were encrypted with the option –discard-paths.
From z/OS, to elsewhere:
- An archive created in TSO/batch will not contain any directory structure. All the decrypted output files will be siblings.
What version?
To learn the version number of a PGParchive reader, enter one of the following commands:
Linux/Unix: ebsreader --version
Windows: EBSreader.exe --version
z/OS USS: pgpreader --version
Resources
E-Business Server
View all the latest E-Business Server resources, including webinars, datasheets, white papers, and more.
Free Trial
Want to see how well E-Business Server can perform on your environment? Your organization can try SDS Software on your system for 30 days, free of charge.
Contact SDS
Phone: (800) 443-6183
Phone: (763) 571-9000
200 Village Center Drive, Suite 250
North Oaks, MN 55127
USA