On 7/22/21 12:49 PM, Mike Hochee wrote:
With private key (aka symmetric ) the same key is used to encrypt and
decrypt, and the key must be securely shared among business partners
(a vulnerability). Pervasive or z/OS data set encryption uses private
key encryption.
With public key model (aka asymmetric) a key pair is generated
and the keys are mathematically related, this enables the secure
sharing of a public key with another organization. Public key
cryptography is quite elegant IMO and solves your chicken/egg
issue.
There is also a hybrid approach in which a symmetric key is used to
encrypt / decrypt the data and asymmetric keys to protect the first key.
-- My understanding is that symmetric encryption is multiple orders
of magnitude faster than asymmetric encryption.
1) Create an asymmetric public + private key pair on the destination
system.
2) Transfer the destination system's public key to the source system.
3) Create a symmetric key on the source system.
4) Use the source system's symmetric key to encrypt the data.
5) Use the destination system's asymmetric public key to encrypt the
source system's symmetric key.
6) Transfer both the encrypted data and the encrypted symmetric key
from the source system to the destination system.
7) Use the destination system's asymmetric private key to decrypt the
source system's symmetric key.
8) Use the decrypted source system's symmetric key to decrypt the data.
...
n) PROFIT!!!
The data and the symmetric key protecting it are only unencrypted on the
source and destination system.
--
Grant. . . .
unix || die
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
