Colin,

There is a document by Philippe Richard of IBM France which documents this problem and demonstrates how to resolve it using a set of REXX routines written by Eysha Powers.
It is entitled "Transporting AES encrypted data keys from one z/OS host to another". As far as I can see it has no manual number. If you cannot find it from Philippe Richard, then I can send you a copy.

The method makes use of standard ICSF calls to use EC keys to have the same AES data key installed into two distinct z/OS systems in a secure manner. Once that key is installed in both systems, the data can be securely transferred in either direction.

Lennie Dymoke-Bradshaw
https://rsclweb.com
‘Dance like no one is watching. Encrypt like everyone is.’

-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Colin Paice
Sent: 22 July 2021 15:08
To: [email protected]
Subject: How should I send file to another sysplex securely.

I was wondering the best way customers send sensitive data between z/OS images.
I was thinking about exporting one's private certificates.

1. I can create a dataset of the private certificates on system 1 and have it encrypted. I can send it to the other system. How can I decrypt it on the remote system as it needs shared certificates? It seems a chicken and egg problem.
2. I can put a password on the file through JCL and use FTPS to send it. This could easily be broken.

This is hypothetical, but I would be interested in how to do it.

Colin Paice

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
