Has nothing to do with key exchange. The DEK used to encrypt the data
will be in clear text rather than the DEK being encrypted by the KEK. (
ICSF Master Key ).
Mark Jacobs
Tony Thigpen <mailto:t...@vse2pdf.com>
June 12, 2017 at 8:12 AM
We are talking about encrypting "Data at Rest". There is *no* key
exchange involved. The only purpose for encrypting keys is so you can
send them to someone else.
Tony Thigpen
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Mark Jacobs - Listserv <mailto:mark.jac...@custserv.com>
June 12, 2017 at 8:01 AM
Encryption/decryption without a CryptoExpress only supports clear
keys, not protected or secured encryption keys. Might be enough for
the OP, but wouldn't fly in my environment.
Tony Thigpen <mailto:t...@vse2pdf.com>
June 12, 2017 at 7:22 AM
For encrypting "data at rest", the CPACF is really all he needs. The
Crypto Express is intended to speed up key negotiations between sites,
something not needed for his intended plans.
Tony Thigpen
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Please be alert for any emails that may ask you for login information
or directs you to login via a link. If you believe this message is a
phish or aren't sure whether this message is trustworthy, please send
the original message as an attachment to 'phish...@timeinc.com'.
--
Mark Jacobs
Time Customer Service
Global Technology Services
The standard you walk past is the standard you accept.
Lt. Gen. David Morrison
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN