PGP is used to encrypt data files You use WS_FTP and zOS FTP to encrypt the data connection (transfers) using SSL which uses RSA/DSA to encrypt the cipher keys. The actual connection will use AES and Triple-Des ciphers
Two different things. WS-FTP will encrypt the data with PGP then use SSL to encrypt the connection. Double encryption. You need either Encryption Facility for z/OS or Megacryption to de-encrypt the data file with PGP encryption on the mainframe PGP is good encryption but it is not in use very much on IBM mainframes because the encryption can not be offloaded to crypto hardware , like RSA/DSA (Using crypto express cards) and AES/DES using CPACF And some people consider it a waste of good cpu time to encrypt both the data and the connection Steve Finch -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Gary Snider Sent: Tuesday, October 09, 2012 3:57 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: OpenPGP Encryption Currently, our OpenPGP encryption is done using a Windows server and the IPSwitch WS_FTP Client software. Configuration displays from the client indicate that we are using RSA, DSA and DH keys with sizes of 1024 and 2048 bits. Cipher algorithms include AES-256, Triple-DES, BLOWFISH and CAST5. We would like to start supporting OpenPGP encryption on our Z10 BC (2098-E10) mainframe running z/OS 1.13. I am having some difficulty understanding what hardware is required to support this. I have been reviewing the Redbook, Encryption Facility for z/OS V1.2 OpenPGP Support. It leads me to believe that the CPACF embedded processor that comes standard with the Z10 will handle the Cipher algorithms (except perhaps CAST5). But what about the key algorithms (RSA, DSA, DH)? Do I need additional hardware to handle those? Does it depend on the key size? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
