If Mr. Marshall would care to be specific about his reference? I am pretty sure he is incorrect.
This reference is dated... but clearly specifies Encryption Facility 1.2 will have support for hardware encryption ..
http://www-03.ibm.com/systems/z/os/zos/encryption_facility/#note1

Additionally, if you have a zIIP or zAAP all of the time spent in JAVA code for OpenPGP is eligible to be offloaded.

I would recommend making sure you have all available PTFs for OpenPGP. There are some annoying incompatibilities with GNUPG versions that require some special handling. The most recent PTFs provide some additional diagnostics that get you on the right path to solve it.

Rob Schramm
Senior Systems Consultant
Imperium Group

On Wed, Oct 10, 2012 at 6:03 PM, Jim Mooney <[email protected]> wrote:

> Re: "PGP is good encryption but it is not in use very much on IBM
> mainframes because the encryption can not be offloaded to crypto hardware
> ..."
>
> I'm confused since the OpenPGP doc mentions hardware encryption in several
> places.
>
> I recently had a project to get OpenPGP working on z/os 1.13. I am using
> a public/private key pair generated with ICSF in the PKDS. We have 2 CEX2
> cards. I '-prepared' my key pair with OpenPGP. During encryption I specify
> '-provider com.ibm.crypto.hdwrCCA.provider.IBMJCECCA.' I then send PGP RSA
> encrypted data offsite.
>
> Am I not offloading processing to crypto hardware (CEX2) during encryption?
>
> -Jim
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
