In a recent note, Russell Witt said: > Date: Wed, 18 Jan 2006 20:33:33 -0600 > > Cypto-coprocessors and are running with z/OS you can encrypt with DES (or > Triple-DES) in none-clear key. This means that the encryption key itself is > "registered" with ICSF and you are returned a token name. When you want to > encrypt data you call ICSF services and pass it this token name. ICSF will > take the token name, find the real encryption key (which is stored in an > encrypted form in its CKDS - Crypto Key Data Set) and pass this encrypted > key down to the co-processor. Now, the co-processor is "locked" to this > system and knows how to un-encrypt keys passed to it from this system. So it > then un-encrypts the key and encrypts the data with this key and returns the > encrypted data. > So, how does the remote disaster recovery site decrypt the data when the main site is crashed?
For that matter, what's the upgrade process to next year's model with a new crypto-coprocessor? -- gil -- StorageTek INFORMATION made POWERFUL ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
