I then send PGP RSA encrypted data offsite. Am I not offloading processing to crypto hardware (CEX2) during encryption? -------------------------------------------------------------------------------------------------------------- PGP encryption does not use the hardware (CPACF/ CEX2). The data is encrypted with PGP
RSA encryption does use CEX2 crypto hardware in Accelerator mode (CEX2A) . The PGP encryption keys are encrypted with RSA Steve Finch -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Jim Mooney Sent: Wednesday, October 10, 2012 6:04 PM To: [email protected] Subject: OpenPGP doesn't use crypto hardware? was Re: OpenPGP Encryption Re: "PGP is good encryption but it is not in use very much on IBM mainframes because the encryption can not be offloaded to crypto hardware ..." I'm confused since the OpenPGP doc mentions hardware encryption in several places. I recently had a project to get OpenPGP working on z/os 1.13. I am using a public/private key pair generated with ICSF in the PKDS. We have 2 CEX2 cards. I '-prepared' my key pair with OpenPGP. During encryption I specify '-provider com.ibm.crypto.hdwrCCA.provider.IBMJCECCA.' I then send PGP RSA encrypted data offsite. Am I not offloading processing to crypto hardware (CEX2) during encryption? -Jim ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
