On 7/22/21 12:49 PM, Mike Hochee wrote:
With private key (aka symmetric), the same key is used to encrypt and decrypt, and the key must be securely shared among business partners (a vulnerability). Pervasive or z/OS data set encryption uses private key encryption.

With the public key model (aka asymmetric), a key pair is generated and the keys are mathematically related; this enables the secure sharing of a public key with another organization. Public key cryptography is quite elegant IMO and solves your chicken/egg issue.

There is also a hybrid approach in which a symmetric key is used to encrypt / decrypt the data and asymmetric keys are used to protect the first key. -- My understanding is that symmetric encryption is multiple orders of magnitude faster than asymmetric encryption.

1) Create an asymmetric public + private key pair on the destination system.
2) Transfer the destination system's public key to the source system.
3) Create a symmetric key on the source system.
4) Use the source system's symmetric key to encrypt the data.
5) Use the destination system's asymmetric public key to encrypt the source system's symmetric key.
6) Transfer both the encrypted data and the encrypted symmetric key from the source system to the destination system.
7) Use the destination system's asymmetric private key to decrypt the source system's symmetric key.
8) Use the decrypted source system's symmetric key to decrypt the data.
...
n) PROFIT!!!

The data and the symmetric key protecting it are only unencrypted on the source and destination system.



--
Grant. . . .
unix || die
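
The hybrid exchange laid out in steps 1 through 8 above, as an added worked example; this is not code from the original message and has nothing to do with the z/OS data set encryption facility. It uses only Go's standard library: AES-256-GCM for the data (step 4), RSA-OAEP under the destination's public key to wrap the one-time symmetric key (step 5), and the reverse on the destination side (steps 7 and 8). The names Envelope, SourceSeal and DestinationOpen, the 2048-bit RSA size, the "data-key" OAEP label and the sample payload are all assumptions made for illustration. Step 2, getting the destination's public key to the source, is assumed to have already happened out of band; here it is simply a pointer handed from one function to the other.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what travels from source to destination in step 6: the
// symmetric key wrapped under the destination's RSA public key, plus the
// AES-GCM nonce and the ciphertext (GCM appends its authentication tag to
// the ciphertext, so a modified envelope fails to decrypt).
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// oaepLabel is an arbitrary label (my choice) binding the wrapped blob to
// its purpose; both sides must use the same one.
var oaepLabel = []byte("data-key")

// DestinationKeyPair is step 1: the destination creates its RSA key pair.
// Only the PublicKey half is ever sent to the source.
func DestinationKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SourceSeal is steps 3 to 5 on the source system: generate a fresh AES-256
// key, encrypt the data with it, then wrap that key with the destination's
// public key. The plaintext key never leaves this function unwrapped.
func SourceSeal(dstPub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	dataKey := make([]byte, 32) // one AES-256 key per transfer
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, dstPub, dataKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// DestinationOpen is steps 7 and 8 on the destination system: unwrap the
// symmetric key with the RSA private key, then decrypt and authenticate the
// data with it. A wrong private key or a tampered envelope yields an error.
func DestinationOpen(dstPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, dstPriv, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	priv, err := DestinationKeyPair() // step 1, destination side
	if err != nil {
		panic(err)
	}
	// Constructed sample payload; step 2 (public key transfer) is assumed done.
	msg := []byte("constructed sample record: ACCT=12345;AMT=100.00")
	env, err := SourceSeal(&priv.PublicKey, msg) // steps 3-5, source side
	if err != nil {
		panic(err)
	}
	got, err := DestinationOpen(priv, env) // steps 7-8, destination side
	fmt.Println("roundtrip ok:", err == nil && bytes.Equal(got, msg))

	// Flip one ciphertext bit in transit: GCM's tag check rejects it.
	env.Ciphertext[0] ^= 0x01
	_, err = DestinationOpen(priv, env)
	fmt.Println("tamper detected:", err != nil)
}
```

Two things the eight steps do not spell out, which this code also takes for granted: step 2 has to deliver the destination's public key authentically (fingerprint check, certificate, or the like), because anyone who can substitute their own public key on the way to the source receives the wrapped key instead of the destination; and the GCM nonce must never repeat under the same AES key, which is why the example generates a brand-new symmetric key for every transfer rather than reusing one.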

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
