@Mike, thanks for the kind words.
@Grant, yes, exactly, "pure" public key is waaaaay too slow to use for a
significant file. The only practical approach is what you call "hybrid."
I would say in no event does the OP want to "roll his own" or "cobble something
together out of bits and pieces."
This problem is what FTP does for a living. Either SFTP ("SSH FTP") which I am
not real familiar with but I know works like a champ, or FTPS (FTP over TLS)
which I am very familiar with. The two are totally different options; they do
not interoperate. A client for one does not talk to a server for the other.
You need a secure (SFTP or FTPS) server at one end (sending or receiving, your
choice) and some configuration at the other end. An investment in secure FTP is
an investment in the future, not just this one problem.
You should be able to find lots of SHARE sessions and so forth on "how to
install and configure and use a secure FTP server." There is help on this forum
if necessary.
Oh! In Step 3 below, add to the sentence "... using a secure
cryptographic-quality random-number generator." Again, you don't want to roll
your own on this. Waaaay too many traps for the unwary.
Charles
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Grant Taylor
Sent: Thursday, July 22, 2021 1:06 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: How should I send file to another sysplex securely.
On 7/22/21 12:49 PM, Mike Hochee wrote:
> With private key (aka symmetric ) the same key is used to encrypt and
> decrypt, and the key must be securely shared among business partners
> (a vulnerability). Pervasive or z/OS data set encryption uses private
> key encryption.
>
> With public key model (aka asymmetric) a key pair is generated
> and the keys are mathematically related, this enables the secure
> sharing of a public key with another organization. Public key
> cryptography is quite elegant IMO and solves your chicken/egg
> issue.
There is also a hybrid approach in which a symmetric key is used to
encrypt / decrypt the data and asymmetric keys to protect the first key.
-- My understanding is that symmetric encryption is multiple orders
of magnitude faster than asymmetric encryption.
1) Create an asymmetric public + private key pair on the destination
system.
2) Transfer the destination system's public key to the source system.
3) Create a symmetric key on the source system.
4) Use the source system's symmetric key to encrypt the data.
5) Use the destination system's asymmetric public key to encrypt the
source system's symmetric key.
6) Transfer both the encrypted data and the encrypted symmetric key
from the source system to the destination system.
7) Use the destination system's asymmetric private key to decrypt the
source system's symmetric key.
8) Use the decrypted source system's symmetric key to decrypt the data.
...
n) PROFIT!!!
The data and the symmetric key protecting it are only unencrypted on the
source and destination system.
--
Grant. . . .
unix || die
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
