Re: EKM and Public Keys

[Lizette Koehler]

Mark,

I have tried it with both the KEYLABL1 and KEYLABL2 parms.  They both fail the 
same way - I am not able to encrpyt the key that way.


//SYSUT1  DD DISP=SHR,DSN=TSO.LK41591.PDF.CNTL(IDCAMS)              
//SYSUT2  DD DISP=(,CATLG,DELETE),UNIT=CART,DATACLAS=ENCRYPT,       
//           RETPD=1,                                               
//           KEYLABL1='EMKLOWES',                                   
//           KEYENCD1=H,                                            
//           DSN=STORAGE.ENCRYPT$.TEST.VOL4V                        
IOS000I 0A0C,10,IOE,01,0E00,,**,300113,LK41591T  584                            
  
 804C08C022402751 0001FF0000000000 0005EE3100000092 2004E8205D6F2011            
  
 ENCRYPTION FAILURE                                                             
  
 CU = 00 DRIVE = 000000 EKM = 05EE31                                            
  
IEC512I I/O ERR 0A0C,300113,SL,LK41591T,COPYIT1,STORAGE.ENCRYPT$.TEST.VOL4V     
  
IEC518I SOFTWARE ERRSTAT: INTLABEL 0A0C,300113,SL,LK41591T,COPYIT1              
  


Lizette


----->
>Lizette Koehler wrote:
>> I have added the public key from our partner into our Top Secret 
>> envrionment.  Now I need to see if it actually encrypted with that public 
>> key.  Here I am still not understanding this process of public keys so well.
>>
>> IEC205I SYSUT2,LK41591T,COPYIT1,FILESEQ=1, COMPLETE VOLUME LIST,  
>> DSN=STORAGE.ENCRYPT$.TEST.VOL4R,VOLS=300027,                             
>> LISTED VOL(S) HAVE BEEN DATA ENCRYPTED,KL1CD:L,KL2CD:H,                  
>> KL1=rsaceru,KL2=EMKLOWES,TOTALBLOCKS=1                                   
>>
>> I then took the tape and wrote back out the file.  Which was successful.  I 
>> thought if I used a public key I would not be able to read the tape again.  
>> Yet my test did not support that thought.
>>
>> So my questions
>> 1)  When you encrypt a tape with a public key, can you still read it?
>> 2)  How can you verify that the tape is actually setup to use the public key 
>> and not my private key?
>> 3)  We are using EKM software from IBM, are there any displays that will 
>> help me verify that my partner will be able to read the tape?
>>     Anything in ISMF, or CA1?
>>
>> Thanks
>>
>> Lizette
>>
>>   
>If you encrypted the tape with two keylabels, one from your generated
>keypair and the other one from your partner then yes you should be able
>to read it. Try encrypting the tape with only their key. Your attempt to
>read the tape should fail since you don't have the associated private
>key in your environment.
>

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html