Thanks for the answer. I have the need to backup customer information and send it to offsite storage in case of a disaster. If we have a disaster or (test) disaster recovery we take the tapes to our disaster recovery site and restore the data there. If we had to restore the data locally on the same system that it was created on would I need an importer key? Would the same exporter key work for data decryption? If we restored the system along with the data at the disaster recovery site would I need the importer key there?
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of R.S. Sent: Wednesday, April 19, 2006 1:49 AM To: [email protected] Subject: Re: ICSF Ward, Mike S wrote: > Thanks for the answer. > > I just finished generating an exporter key using ICSF. Do I need to > generate an importer key as well? The ICSF admin book sort of says they > complement each other, but it doesn't say whether you need both. I will > be encrypting tapes using VDR's utility, and I'll need to read the tapes > back in at the local site or at a remote site. Am I just ok with an > exporter key? I don't know what are your needs. However exporter/importer keys (I assume symmetric keys) are for key transportation in secure way. Instead of that you can transport the keys in clear form (it is unsecure and requires SSM). Again, if you transport the keys "unidirectionally" (from system A to system B, never in opposite direction), then one pair exporter/importer is OK. If you want to have bidirectional "key traffic" then you need two pairs. Picture one direction: SYSA exporter1 ----> importer1 SYSB second direction: SYSA importer2 <---- exporter2 SYSB importer1 and exporter1 are 'complementary' - they have the same value. importer2 and exporter2 are complementary also. -- Radoslaw Skorupka Lodz, Poland ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ============================================================================================================================= This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
