You are touching on the real issue of encryption: key management. Some suggest that encryption keys are more sensitive and valuable than the data they protect. And a lot harder to manage.
AFAIK, 'clear key encryption' means that secret encryption keys flow over networks 'in the clear'. This can be a reasonable level of security for many shops. Compare to a hardware/software configuration where at no time does any secret encryption key flow over any network the open. That is, these secret keys are first themselves encrypted before flowing. Like the Trusted Key Entry feature of some flavors of Z processors. You can do a fair job of keeping your secret key secret by using TLS/SSL. But you still have all those nasty Windows issues to consider. Or perhaps you have some old coax 3270 devices. These are generally considered to be secure enough for many kinds of operational keys. Perhaps even your master key. HTH and good luck. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Ward, Mike S Sent: Wednesday, January 18, 2006 2:30 PM To: [email protected] Subject: Clear key encryption Hello all. I was wondering if anyone could explain to me what Clear Key Encryption VS None clear Encryption is. I looked in the archives, but only found a reference that clear key could run on the T-REX. I thought that clear key encryption was purely SSL and the other was DES/3DES where the 3des keys are encrypted by the master. The reason I am asking is because we will be encrypting our data for offsite export. I don't believe that ssl would be a good way to do it. Thanks in advance. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
