Thanks Peter, and to others who have replied. I'm confused though and am seeing conflicting information. In the Encryption Facility OpenPGP manual it says:
Two kinds of session key encryption are available to OpenPGP: Public-key encryption, which creates a public-key encrypted session key packet using the public key of the recipient to encrypt the data; only the recipient can decrypt this data with the corresponding private key. Passphrase-based encryption (PBE), which creates a symmetric-key encrypted session key packet using a passphrase (like a “password”) to encrypt the data; only this password can be used to decrypt the data. Suggesting that our plan to encrypt using just a pass phrase rather than keys is viable... Can anybody who knows the product clarify this? Best Regards Paul -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Peter Vander Woude Sent: 20 April 2021 14:20 To: [email protected] Subject: Re: IBM Encryption Facility for OpenPGP Caution! External email. Do not open attachments or click links, unless this email comes from a known sender and you know the content is safe. Paul, In the normal pgp encryption processing, you encrypt the file using the public key of the target system/vendor. There should be no need to use the passphrase, when encrypting a file to send to someone... The passphrase used on the other side would be so that they can get access to the private part of the pgp key, which is the only thing that can decrypt the file. Peter On Mon, 19 Apr 2021 10:52:17 +0000, Beesley, Paul <[email protected]> wrote: >Hi > >Does anyone use IBM Encryption Facility for OpenPGP (FMID HCF7740), >specifically to encrypt files on z/OS and decrypt them on Windows or Linux? > >I can successfully encrypt a file using a PassPhrase (not keys) and can >decrypt it on another mainframe system. >However, if I send the encrypted file to another platform I cannot decrypt it. >It detects that I've used a passphrase, and AES_256, but will not accept the >PassPhrase. > >This is what I get on Windows: >C:\Users\xxxxxxx\Downloads>gpg -o D2021109.TEST3.TXT --decrypt >D2021109.TEST3.ENC >gpg: AES256.CFB encrypted session key >gpg: encrypted with 1 passphrase >gpg: decryption failed: Bad session key > >On Linux it's similar but the message is >gpg: decryption failed: no secret key > >Any help welcome. I do have a PMR open with IBM, but every little helps... > >Paul > >Atos is a trading name used by the Atos group. The trading entity is >registered in England and Wales: Atos IT Services UK Limited (registered >number 01245534). The registered office is located at: Second Floor, MidCity >Place, 71 High Holborn, London, WC1V 6EA. The VAT No. is: GB232327983. > >This e-mail and the documents attached are confidential and intended solely >for the addressee and may contain confidential or privileged information. If >you receive this e-mail in error, you are not authorised to copy, disclose, >use or retain it. Please notify the sender immediately and delete this email >from your systems. As emails may be intercepted, amended or lost, they are not >secure. Atos therefore can accept no liability for any errors or their >content. Although Atos endeavours to maintain a virus-free network, we do not >warrant that this transmission is virus-free and can accept no liability for >any damages resulting from any virus transmitted. The risks are deemed to be >accepted by everyone who communicates with Atos by email. > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, send >email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN Atos is a trading name used by the Atos group. The trading entity is registered in England and Wales: Atos IT Services UK Limited (registered number 01245534). The registered office is located at: Second Floor, MidCity Place, 71 High Holborn, London, WC1V 6EA. The VAT No. is: GB232327983. This e-mail and the documents attached are confidential and intended solely for the addressee and may contain confidential or privileged information. If you receive this e-mail in error, you are not authorised to copy, disclose, use or retain it. Please notify the sender immediately and delete this email from your systems. As emails may be intercepted, amended or lost, they are not secure. Atos therefore can accept no liability for any errors or their content. Although Atos endeavours to maintain a virus-free network, we do not warrant that this transmission is virus-free and can accept no liability for any damages resulting from any virus transmitted. The risks are deemed to be accepted by everyone who communicates with Atos by email. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
