Lennie Dymoke-Bradshaw wrote, re platform-specificity:
>Why do you think this is platform specific? The AES encryption keys
>involved can be managed by an external key manager, (such as EKMF) and
>so those keys can be securely deployed to other (secured) platforms. The
>encrypted data can be read and then be sent to another platform and
>decrypted using the original encryption keys.
>Maybe I have misunderstood what you mean by "platform-specific".

Yeah, ok, I wasn't clear for sure. Sure, external keys being available across platforms is possible, if not common; but more significantly, consider normal data flows: data moves between ASCII and EBCDIC worlds, gets translated in the process. With whole-file, non-format-preserving encryption, that means you have to decrypt, translate, re-encrypt; with format-preserving, you don't have to add anything to that flow. That's a big win when adding encryption to existing systems. For a new system, of course, you'd design it differently.
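The data flow described in the reply above, as an added sketch that is not part of the original post: a digit field encrypted with a format-preserving cipher passes through an ordinary EBCDIC-to-ASCII translation and still decrypts, while byte-level ciphertext put through the same translation does not. Assumptions: `fpe_digits` is a toy Feistel construction written for this illustration (not NIST FF1 and not any product's algorithm), `stream_xor` is a stand-in for any non-format-preserving cipher such as an AES mode, and the key and account number are constructed sample values.

```python
import hashlib
import hmac

ROUNDS = 8  # constructed toy parameter

def _round_value(key: bytes, rnd: int, half: str, mod: int) -> int:
    # Keyed round function over the characters of one half, not its stored bytes.
    mac = hmac.new(key, bytes([rnd]) + half.encode("ascii"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % mod

def fpe_digits(key: bytes, digits: str, decrypt: bool = False) -> str:
    """Toy balanced Feistel over even-length decimal strings (illustration only)."""
    if len(digits) % 2 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("expected an even-length string of 0-9")
    h = len(digits) // 2
    mod = 10 ** h
    left, right = digits[:h], digits[h:]
    for rnd in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        if decrypt:
            left, right = f"{(int(right) - _round_value(key, rnd, left, mod)) % mod:0{h}d}", left
        else:
            left, right = right, f"{(int(left) + _round_value(key, rnd, right, mod)) % mod:0{h}d}"
    return left + right

def stream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in for byte-level encryption: output is arbitrary bytes, not digits.
    keystream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))

def fpe_survives_translation(key: bytes, field: str) -> bool:
    stored = fpe_digits(key, field).encode("cp037")       # ciphertext at rest in EBCDIC
    moved = stored.decode("cp037").encode("ascii")        # normal EBCDIC -> ASCII transfer
    return fpe_digits(key, moved.decode("ascii"), decrypt=True) == field

def bytewise_survives_translation(key: bytes, field: str) -> bool:
    stored = stream_xor(key, field.encode("cp037"))       # ciphertext of the EBCDIC bytes
    moved = stored.decode("cp037").encode("latin-1")      # same translation hits ciphertext
    recovered = stream_xor(key, moved)
    return recovered in (field.encode("ascii"), field.encode("cp037"))

KEY = b"constructed-demo-key"   # constructed sample key
FIELD = "4111111111111111"      # constructed sample account number

if __name__ == "__main__":
    print("FPE field decrypts after translation:", fpe_survives_translation(KEY, FIELD))
    print("byte-level ciphertext decrypts after translation:", bytewise_survives_translation(KEY, FIELD))
```

The byte-level case is what forces the decrypt, translate, re-encrypt step: the ciphertext has to be moved as binary, and the recovered plaintext is still EBCDIC on arrival.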